Kerio Tech Firewall6 Network Router User Manual


 
Chapter 10 HTTP and FTP filtering
Note: WinRoute provides only tools for filtering and access limitations. Decisions on
which websites and files will be blocked must be made by the administrator (or another
qualified person).
10.1 Conditions for HTTP and FTP filtering
For HTTP and FTP content filtering, the following conditions must be met:
1. Traffic must be controlled by an appropriate protocol inspector.
An appropriate protocol inspector is activated automatically unless its use is denied
by traffic rules. For details, refer to chapter 6.3.
2. Connections must not be encrypted. SSL-encrypted traffic (HTTPS and FTPS protocols)
cannot be monitored. In this case you can only block access to certain servers using
traffic rules (see chapter 6.3).
3. The FTP protocol cannot be filtered if secured authentication (SASO) is used.
4. Both HTTP and FTP rules are also applied when WinRoute's proxy server is used
(in that case, condition 1 is irrelevant). However, the FTP protocol cannot be filtered if a
parent proxy server is used (for details, see chapter 5.5). In such a case, FTP rules
are not applied.
5. If the proxy server is used (see chapter 5.5), it is also possible to filter HTTPS servers
(e.g. https://secure.kerio.com/). However, it is not possible to filter individual
objects on these servers.
10.2 URL Rules
These rules allow the administrator to limit access to Web pages with URLs that meet certain
criteria. They also include other functions, such as filtering of web pages by occurrence
of forbidden words, blocking of specific items (scripts, active objects, etc.) and an antivirus
switch for certain pages.
To define URL rules, go to the URL Rules tab in Configuration / Content Filtering /
HTTP Policy.
Rules in this section are tested from the top of the list downwards (you can order the list
entries using the arrow buttons at the right side of the dialog window). If a requested
URL passes through all rules without any match, access to the site is allowed. All URLs
are allowed by default (unless denied by a URL rule).
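Added example (not from the Kerio manual and not WinRoute code): a small model of the top-down, first-match evaluation described above, combined with conditions 2 and 5 from section 10.1. The rule tuples, the fnmatch-style wildcard patterns and the example.com / example.org hosts are assumptions made for this sketch, not WinRoute's own rule format.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed rules (name, pattern, action), tested from the top down.
# The wildcard syntax is an assumption of this sketch, not WinRoute's.
ALLOW_LIST = [
    ("intranet", "intranet.example.com/*", "allow"),
    ("vendor docs", "docs.example.org/manual/*", "allow"),
    ("everything else", "*", "deny"),  # needed because the default is allow
]


def visible_part(url, via_proxy):
    """Return the string URL rules can be tested against, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "http":
        return host + (parts.path or "/")
    if parts.scheme == "https" and via_proxy:
        return host + "/"  # server name only, individual objects are hidden
    return None  # HTTPS without the proxy (or a non-HTTP scheme): no match input


def evaluate(url, rules, via_proxy=False):
    """First matching rule wins; a URL that matches no rule is allowed."""
    target = visible_part(url, via_proxy)
    if target is None:
        return ("not filtered", None)
    for name, pattern, action in rules:
        if fnmatchcase(target, pattern):
            return (action, name)
    return ("allow", None)
```

Without the final catch-all rule the list denies nothing, and a path-specific rule such as "vendor docs" never matches an HTTPS request even through the proxy, so HTTPS sites have to be allowed or denied per server.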
Note: URLs which do not match any URL rule are available to any authenticated
user (any traffic permitted by default). To allow accessing only a specific web page group