Content Filter Screens
See the Content Filter section for related information on these screens.
Content FilterOverview
Content filter allows you to block certain web features, such as cookies, and/or block access to specific web sites. It can also block access to specific categories of web site content. You can create different content filter policies for different addresses, schedules, users or groups and content filter profiles. For example, you can configure one policy that blocks John Doe's access to arts and entertainment web pages during the workday and another policy that lets him access them after work.
Content Filter Policies
A content filter policy allows you to do the following.
Content Filter Profiles
A content filter profile conveniently stores your custom settings for the following features.
Category-based Blocking
The ZyWALL can block access to particular categories of web site content, such as pornography or racial intolerance.
Restrict Web Features
The ZyWALL can disable web proxies and block web features such as ActiveX controls, Java applets and cookies.
Customize Web Site Access
You can specify URLs to which the ZyWALL blocks access. You can alternatively block access to all URLs except ones that you specify. You can also have the ZyWALL block access to URLs that contain particular keywords.
Content Filter Configuration Guidelines
You must configure an address object, a schedule object and a filtering profile before you can set up a content filter policy. When the ZyWALL receives an HTTP request, the content filter searches for a policy that matches the source address and time (schedule). The content filter checks the policies in order (based on the policy numbers). When a matching policy is found, the content filter allows or blocks the request depending on the settings of the filtering profile specified by the policy. Some requests may not match any policy. The ZyWALL allows the request if the default policy is not set to block. The ZyWALL blocks the request if the default policy is set to block.
Content Filter General Screen
Use this screen to enable content filtering, view and order your list of content filter policies, create a denial of access message or specify a redirect URL and check your external web filtering service registration status.
Anti-X > Content Filter > General
Label Description General Setup Enable Content Filter Select this check box to enable the content filter. Policies This is a list of the configured content filter policies. Block web access when no policy is applied Select this check box to stop users from accessing the Internet by default when their attempted access does not match a content filter policy. # This column lists the index numbers of the content filter policies. Address A content filter policy applies to web access from the IP addresses listed here. any means the content filter policy applies to all of the web access requests that the ZyWALL receives from any IP address. Schedule This column displays the name of the schedule for each content filter policy. You can define different policies for different time periods. none means the content filter policy applies all of the time. User This column displays the individual or group to which this policy applies. any means the content filter policy applies to all of the web access requests that the ZyWALL receives from any user. Filtering Profile This column displays the name of the content filter profile that each content filter policy uses. The content filter profile defines to which web services, web sites or web site categories access is to be allowed or denied. Add Click the Add icon at the top of the column to create a new content filter policy at the top of the list.The Active icon shows the entry is enabled. Click this icon to disable the entry.The Inactive icon shows the entry is disabled. Click this icon to enable the entry.Click the Edit icon to go to a screen where you can change the configuration settings of an entry.Click the Remove icon to delete an entry from the list.Click the Move icon, type a number in the move entry dialog box and press [ENTER] to move the entry to the numbered location.Click a content filter policy's Add icon to create a new content filter policy above the current line. All other entries below the new entry are pushed down.The ordering of the content filter policies is important as they are used in the order they are listed. The ZyWALL checks requests for Web sessions against the list of content filter policies (starting from the first in the list). The ZyWALL's content filter feature blocks or allows the Web session according to the first matching content filter policy and does not check any other content filter policies. The ZyWALL does not perform content filter on Web session requests that do not match any of the content filter policies. Denied Access Message Enter a message to be displayed when content filter blocks access to a web page. Use up to 255 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%,). For example, "Access to this web page is not allowed. Please contact the network administrator". Redirect URL Enter the URL of the web page to which you want to send users when their web access is blocked by content filter. The web page you specify here opens in a new frame below the denied access message.Use "http://" followed by up to 255 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%). For example, http://192.168.1.17/blocked access. Registration Status This read-only field displays the status of your content-filtering database service registration.Not Licensed displays if you have not successfully registered and activated the service.Expired displays if your subscription to the service has expired.Licensed displays if you have successfully registered the ZyWALL and activated the service.After you register for content filter, you can see Content Filter Categories Screen for how to use the Test Against Web Filtering Server button. When the content filter is active, you should see the web page's category. The query fails if the content filter is not active.You can view content filter reports after you register the ZyWALL and activate the subscription service in the Registration screen . Registration Type This read-only field displays what kind of service registration you have for the content-filtering database.Not Licensed displays if you have not successfully registered and activated the service.Standard displays if you have successfully registered the ZyWALL and activated the service.Trial displays if you have successfully registered the ZyWALL and activated the trial service subscription. Apply new Registration This link appears if you have not registered for the service or only have the trial registration. Click this link to go to the screen where you can register for the service. Apply Click Apply to save your changes back to the ZyWALL. Reset Click Reset to begin configuring this screen afresh.
Content Filter Policy Screen
Use this screen to configure a content filter policy. A content filter policy defines which content filter profile should be applied, when it should be applied, and to whose web access it should be applied.
Anti-X > Content Filter > General > Add
Label Description Schedule Select a schedule to define when to apply this content filter policy. You can define different policies for different time periods. For example, you could have one policy that blocks access to certain categories of web sites during working hours and another policy that allows access to certain categories after the work day is over.Select Create Object to configure a new schedule (see Schedules for details).Select NONE to have the content filter policy apply all of the time. Address Select the address or address group for which you wan to use this policy.Select Create Object to configure a new address or address group.Select ANY to have the content filter policy apply to all of the web access requests that the ZyWALL receives from any IP address. Filtering Profile Use the drop-down list box to select the content filter profile that you want to use for this policy. The content filter profile defines to which web services, web sites or web site categories access is to be allowed or denied. Use the content filter Filtering Profiles screens to configure the profiles. User/Group Use the drop-down list box to select the individual or group for which you want to use this policy.Select Create Object to configure a new user account (see User Add/Edit for details).Select ANY to have the content filter policy apply to all of the web access requests that the ZyWALL receives from any user. OK Click OK to save your changes back to the ZyWALL. Cancel Click Cancel to begin configuring this screen afresh.
Content Filter Profile Screen
A content filter profile defines to which web services, web sites or web site categories access is to be allowed or denied.
External Web Filtering Service
When you register for and enable the external web filtering service, your ZyWALL accesses an external database that has millions of web sites categorized based on content. You can have the ZyWALL block, block and/or log access to web sites based on these categories.
Content Filter Categories Screen
Use this screen to enable external database content filtering and select which web site categories to block and/or log.
Note: You must register for external content filtering before you can use it.
See Registration for how to register.
Do the following to view content filtering reports .
- Log into myZyXEL.com and click your device's link to open it's Service Management screen.
- Click Content Filter in the Service Name field to open the Blue Coat login screen.
- Enter your ZyXEL device's MAC address (in lower case) in the Name field. You can find this MAC address in the Service Management screen . Type your myZyXEL.com account password in the Password field. Click Submit.
Content Filter Customization Screen
You can create a list of good (allowed) web site addresses and a list of bad (blocked) web site addresses. You can also block web sites based on whether the web site's address contains a keyword. Use this screen to add or remove specific sites or keywords from the filter list.
Keyword Blocking URL Checking
The ZyWALL checks the URL's domain name (or IP address) and file path separately when performing keyword blocking.
The URL's domain name or IP address is the characters that come before the first slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the domain name is www.zyxel.com.tw.
The file path is the characters that come after the first slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the file path is news/pressroom.php.
Since the ZyWALL checks the URL's domain name (or IP address) and file path separately, it will not find items that go across the two. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the ZyWALL would find "tw" in the domain name (www.zyxel.com.tw). It would also find "news" in the file path (news/pressroom.php) but it would not find "tw/news".
Content Filter Cache Screen
Use this screen to view and configure your ZyWALL's URL caching. You can also configure how long a categorized web site address remains in the cache as well as view those web site addresses to which access has been allowed or blocked based on the responses from the external content filtering server. The ZyWALL only queries the external content filtering database for sites not found in the cache.
You can remove individual entries from the cache. When you do this, the ZyWALL queries the external content filtering database the next time someone tries to access that web site. This allows you to check whether a web site's category has been changed.