ProSecure Unified Threat Management (UTM) Appliance Reference Manual
6-24 Content Filtering and Optimizing Scans
v1.0, January 2010
Several types of Web content blocking are available:
• File extension blocking. You can block files based on their extension. Such files can include,
executable files, audio and video files, and compressed files.
• Keyword blocking. You can specify words that, should they appear in the Web site name
(URL) or in a newsgroup name, cause that site or newsgroup to be blocked by the UTM.
The following are keyword blocking examples:
– If the keyword “XXX” is specified, the URL www.zzyyqq.com/xxx.html is blocked, as is
the newsgroup alt.pictures.XXX.
– If the keyword “.com” is specified, only Web sites with other domain suffixes (such
as .edu or .gov) can be viewed.
– If a period (.) is specified as the keyword, all Internet browsing access is blocked.
You can apply the keywords to one or more groups. Requests from the PCs in the groups for
which keyword blocking has been enabled are blocked. Blocking does not occur for the PCs
that are in the groups for which keyword blocking has not been enabled.
• Web object blocking. You can block the following Web objects: embedded objects (ActiveX,
Java, Flash), proxies, and cookies, and you can disable Java scripts. Even sites on the whitelist
(see “Configuring Web URL Filtering” on page 6-30) are subject to Web object blocking when
the blocking of a particular Web object is enabled.
• Web category blocking. You can block entire Web categories because their content is
undesired, offensive, or not relevant, or simply to reduce traffic.
Note: Wildcards (*) are supported. For example, if “www.net*.com” is specified,
any URL that begins with “www.net” is blocked and any URL that ends with
“.com” is blocked.
Note: The whitelist has priority over the blacklist (for these lists, see “Configuring
Web URL Filtering” on page 6-30), and both the whitelist and the blacklist
have priority over keyword blocking.
Note: You can bypass any type of Web blocking for trusted hosts by adding the exact
matching domain names to the trusted host list (see “Specifying Trusted Hosts”
on page 6-37). Access to the domains on the trusted host list is allowed for PCs
in the groups for which file extension, keyword, object, or category blocking,
or a combination of these types of Web blocking has been enabled.