Filtering websites in Micro Edge

Overview

Micro Edge includes web filtering powered by Webroot BrightCloud®. Web Filter is a security feature that blocks access to harmful web content by enabling the administrator to control access to websites based on themed groupings called "Categories" or specific websites.

Important details regarding Web Filter:

  • Web Filter requires an active subscription.
  • To capture the client request from SSL-based web traffic, Web Filter uses the Server Name Indication (SNI). As a result, web filtering is based only on the domain part of the URL.
  • Web Filter does not generate a block page or otherwise alert the user that the site they are trying to reach is blocked. The session is closed silently, causing the browser to generate a "page not found" or "session was reset" error message.
  • Websites added to Pass Sites or Block Sites bypass the categorization lookup and therefore do not have an associated category when viewed in reports.

Web Filter Categories

Web Filter's most admin-friendly feature is Categories, provided by the BrightCloud lookup engine. BrightCloud sorts more than seven billion URLs into eighty Categories, grouped by general theme: adult content; malware distribution sites; social networking; streaming content; and much more.

A site can belong to up to two Categories. If a site belongs to two Categories, it is blocked if either Category is set to block. For example, if a site is Categorized as both "Social Networking" and "News" and you have blocked the "News" Category, the website will be blocked even if you are allowing "Social Networking".

By default, Web Filter blocks the "Adult and Pornography" and "Questionable" Categories, as well as most Categories associated with the Security heading: "Botnets", "Keyloggers and Monitoring", and so on.

To block an entire Category of sites, check the Block checkbox for that Category. To disable the block, remove that check.

Blocking a Category requires that the "flag" option is set as well. This option is automatically enabled when you choose to block a Category. If you would prefer to flag a given Category without blocking it, check only the Flag checkbox.

When a user opens a web browser and navigates to a site, Web Filter submits a real-time lookup to the BrightCloud API, which returns the Category information to Micro Edge. Based on your settings, the site is then blocked or allowed. Micro Edge does cache URL lookups for a short time, so multiple lookups for the same URL can be resolved by Micro Edge itself.

Note regarding DNS-over-TLS

Some web browsers force a DNS-over-TLS or DNS-over-HTTPS lookup; Firefox is the most common of these browsers. DNS-over-TLS can be Categorized as "Proxy Avoidance and Anonymizers", which is one of the Categories Web Filter blocks by default. Most browsers should fall back to non-HTTPS DNS queries so you should not notice a difference. If your browser does not, we advise adding a Pass Site entry for the DNS-over-TLS service used by that browser.

For example, Firefox uses mozilla.cloudflare-dns.com.

Blocking Specific Sites

It's possible to block access to a particular website regardless of whether its Category is blocked or not. This requires a Block Site entry, which enables Micro Edge to block this specific website or URL any time it is requested.

You can also create a Block Site entry to flag traffic instead of blocking it. This allows users to reach the site, but creates a flagged reporting condition.

To block a website:

  1. Go to Settings > Web Filter > Block Sites.
  2. Click Add Site.
  3. Enter the website or URL into the Enter site/domain field. It's usually best to use just the domain itself, such as facebook.com or youtube.com.
  4. Verify your settings for block and flag behavior. Note that you cannot disable flagging if a site is blocked.
  5. Enable the exact match checkbox if you would like Web Filter to only block exactly what you have entered in the site/domain field. We recommend leaving this option disabled when blocking access to an entire website.
  6. Create a Description so you can identify what site this rule is blocking.
  7. Click OK to save your rule.
  8. Click Save to apply your rule(s) to Micro Edge.

Allowing Access to Sites

You can use a Pass Site entry to allow a particular website to be reachable even if it belongs to a Category that would otherwise be blocked. For example, you might block the "Social Networking" Category, but want to allow access to Facebook.

To pass a website:

  1. Go to Settings > Web Filter > Pass Sites.
  2. Click Add Site.
  3. Enter the website or URL into the Enter site/domain field. It's usually best to use just the domain itself, such as facebook.com or youtube.com.
  4. Verify your settings for pass and flag behavior. Setting the "flag" option will cause the site to be logged in Web Filter's Reports even though it is not being filtered by Web Filter.
  5. Enable the exact match checkbox if you would like Web Filter to only allow exactly what you have entered in the site/domain field. We recommend leaving this option disabled when allowing access to an entire website.
  6. Create a Description so you can identify what site this rule is allowing.
  7. Click OK to save your rule.
  8. Click Save to apply your rule(s) to Micro Edge.

Web Filter Reports

Web Filter's reporting function gives you information about the web traffic passing through Micro Edge.

The slider at the top of each report enables you to determine the timeframe shown. The default is "past 24 hours" but it can be shortened down to a single hour if you need more precise reporting.

Each report makes a distinction between blocked sites and visited sites. A visited site is one that was not blocked: a site the user was allowed to reach.

Summary report

The Summary report contains a number of widgets which provide at-a-glance details about Web Filter's functions. Each pie chart shows a general breakdown of its topic as well as a count of how many times a reporting event was generated.

  • Top Blocked Sites: The most frequently blocked websites.
  • Top Visited Sites: The most frequently visited websites.
  • Top Blocked Categories: The most frequently blocked Categories in your network.
  • Top Visited Categories: The most frequently visited Categories in your network.
  • Top Clients by Blocked Sites: Client IP addresses of devices generating the most traffic to blocked websites. This can be thought of as a "top offenders" report.
  • Top Clients by Visited Sites: Client IP addresses of devices generating the most traffic to non-blocked websites. This graph gives you some insight into the devices which are generating the most web traffic in your network.

Visited Sites report

This report provides more granular, detailed information about web traffic.

You can use the checkboxes at the top of the page to filter your results to only show specific traits of traffic. Enabling Blocked will exclude traffic that was not blocked and enabling Flagged will exclude traffic that was not flagged. These two options can be used together, to show only traffic which was both blocked and flagged.

You can further filter traffic using the "Reason" drop-down to view only traffic which has a matching "Reason" entry.

  • Time Stamp: The date & time of the attempt to reach this website.
  • Site: The website in question.
  • Client Address: The IP address of the device which generated the connection. (This is the device inside your network.)
  • Server Address: The IP address of the web server which received the connection.
  • Blocked: Shows "true" if the site was blocked or "false" if it was allowed.
  • Flagged: Shows "true" if the site was flagged or "false" if it was not flagged.
  • Category: Displays the Category the site belongs to. This will be blank if the site is included as a Block Site or Pass Site entry.
  • Reason: Displays the reason the site visit was recorded in reports:
      • Block Category: the site is included in a Category which is blocked
      • Block List: the site has a Block Site entry
      • Pass Category: the site is included in a Category which is not blocked
      • Pass List: the site has a Pass Site entry
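
The following Python model is an added example, not Micro Edge code: it shows how the Pass Sites, Block Sites and Category settings described in this article combine to produce the Blocked, Flagged, Category and Reason fields listed above. Assumptions: Pass Sites are consulted before Block Sites, disabling exact match also covers subdomains, and the lookup table and `news-social.example` are constructed sample data standing in for the BrightCloud lookup.

```python
from collections import namedtuple
from dataclasses import dataclass

Verdict = namedtuple("Verdict", "blocked flagged category reason")  # report columns
Policy = namedtuple("Policy", "blocked_categories flagged_categories block_sites pass_sites")

@dataclass
class SiteEntry:
    site: str
    block: bool = False   # only meaningful on Block Sites entries
    flag: bool = False
    exact: bool = False   # the "exact match" checkbox

    def matches(self, host):
        # Assumption: with exact match off, subdomains of the entry also match.
        return host == self.site or (not self.exact and host.endswith("." + self.site))

def decide(policy, host, categories_for):
    """Model one request; host is the domain only (e.g. the SNI name), never a path."""
    host = host.lower().rstrip(".")
    # Site entries bypass the Category lookup, so the Category column stays blank.
    # Assumption: Pass Sites are consulted before Block Sites.
    for entry in policy.pass_sites:
        if entry.matches(host):
            return Verdict(False, entry.flag, "", "Pass List")
    for entry in policy.block_sites:
        if entry.matches(host):  # a blocked site is always flagged
            return Verdict(entry.block, entry.block or entry.flag, "", "Block List")
    cats = categories_for(host)[:2]  # a site belongs to at most two Categories
    blocked = any(c in policy.blocked_categories for c in cats)  # either one blocks
    flagged = blocked or any(c in policy.flagged_categories for c in cats)
    reason = "Block Category" if blocked else "Pass Category"
    return Verdict(blocked, flagged, ", ".join(cats), reason)

# Constructed sample data: a stand-in for the BrightCloud lookup and a small policy.
SAMPLE_LOOKUP = {
    "news-social.example": ["Social Networking", "News"],
    "facebook.com": ["Social Networking"],
    "mozilla.cloudflare-dns.com": ["Proxy Avoidance and Anonymizers"],
}
POLICY = Policy({"News", "Proxy Avoidance and Anonymizers"}, {"Social Networking"},
                block_sites=[SiteEntry("youtube.com", block=True)],
                pass_sites=[SiteEntry("mozilla.cloudflare-dns.com", flag=True)])

def demo(host):
    """Evaluate one host name against the constructed policy and lookup table."""
    return decide(POLICY, host, lambda h: SAMPLE_LOOKUP.get(h, []))
```

Calling `demo("news-social.example")` returns a blocked verdict because one of its two Categories is blocked, while `demo("mozilla.cloudflare-dns.com")` is passed with a blank Category because the Pass Site entry bypasses the lookup.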

 

Site Lookup

This tool enables you to determine which Category or Categories a particular website or URL belongs to. Enter the URL you'd like to check into the Enter site/domain field and click Lookup. Any Categories that site belongs to will be displayed.

Each URL can be Categorized individually, meaning that you might find different results for www.example.com and mail.example.com.
