Content Filter
The primary functionality of the Content Filter application is to block websites that are considered ‘inappropriate’ and work as a web filter. Although the application comes with default settings, the administrator can setup customized content filtering policies based on standard block parameters such as Blacklists, Phrase Lists, MIME Types, File Extensions, Banned Sites, Gray Sites, and Exception Sites. The content filter application is capable of blocking both ‘http’ and ‘https’ connections with the help of default or manually configured content filtering policies. The content filter policies can be assigned to a group of users or to specific devices connected to the Crystal Eye network.
The Content Filter application is installed by default and can be accessed from the left-hand navigation panel.
Left-Hand Navigation Panel > Security Configuration > Content Filter  |
|---|
The Exception IPs feature of Crystal Eye XDR’s content filter application provides the leverage for administrators to quickly permit IPs and exclude them from various block categories. This feature of the CE XDR is widely appreciated for its ability to reduce the administrative burden of administrators since the policy assigned to all the end clients in the network are not changed during the process of adding an IP address to the exception list.
How to Add Exception IPs Applicable to All Users & Groups in the Crystal Eye XDR Network?
Step 1: In the Configuration Settings page, click the Edit button next to Exception IPs under the Global Settings section.
Step 2: You will now see the Listing page of the Exception IPs. Click the Add button under the Exception IPs section.
Note: The whitelisted IP address can also be deleted from the IP listing page by clicking the delete button.
Step 3: You will now see the Exception IPs page. Enter the IP Address that needs to be whitelisted in the textbox and click Add button.
The Banned IPs feature of Crystal Eye’s content filter would block the listed IPs from accessing the internet.
How to Add Banned IPs Applicable to All Users & Groups in the Crystal Eye Network?
Step 1: In the Configuration page, click the Edit button next to Banned IPs in the Global Settings section.
Step 2: You will now see the listing page of the Banned IPs. Click the Add button under the Banned IPs section.
Note: The Banned IPs can be deleted if required from the listing page.
Step 3: You will now see the Banned IP page. Enter the IP Address which needs to be banned in the textbox and click the Add button.
The detailed logging feature of the Content Filter application when enabled enhances logging capabilities of the Crystal Eye with more verbosity to provide more information. Detailed logging can be enabled to set a higher log level which can be effectively used while troubleshooting and for diagnostic purpose.
Note: The detailed logging feature is disabled by default. It is recommended to enable detailed logging only for diagnostic purpose as the logging might consume more disk space.
How to enable/disable detailed logging?
Step 1: In the Configuration page, click the enable/disable button in the Global Settings section.
This section allows users to add the contact details in the ban page of the content filter.
The Content Filter application can be setup to filter both HTTP and HTTPS traffic. This essentially means that if you want to block a https website you would have to enable SSL decryption.
The following are the content filtering modes in the Crystal Eye XDR:
- Transparent
- Transparent_SSL
- Explicit
- Explicit_SSL
- Bypass
Note: HTTPs traffic can only be scanned and filtered when the CE XDR is running on Transparent_SSL mode and Explicit_SSL mode. The content filter application operates in Transparent mode by default, which also means that only http traffic gets scanned and filtered in this mode.
How to configure the content filter application to filter both http and https traffic simultaneously?
To ensure that the Crystal Eye XDR scans and filters both http and https traffic we would have to edit the default web filtering configurations from the Advanced Firewall application.
Step 1: Go to Security Configuration > Advanced Firewall application > Traffic Rules tab and click the Edit Icon next to Default Transparent Web Filter in the Rules section.
Step 2: You will now see the default traffic rule page highlighting the source and the destination of the traffic. Select the Transparent_SSL from the Mode dropdown under Actions section.
Note: You can add more source zones if there is a requirement to assign the content filter policies to other custom zones.
Step 3: Now, go to Security Configuration > Web Proxy Server and click the Download Certificate button next to SSL Decryption under the Rules section.
Step 4: Install the CE Security Certificate to the browser if you are using a Laptop. Read below to know how to install certificates in Google Chrome and Mozilla Firefox browsers.
Follow the steps below to install CE certificate in Google Chrome:
Go to Settings > Privacy and security > Security > Manage Certificates > Intermidiate Certification Authorities > Click Import button and import the CE certificate
Note: Ensure that the browser is set up to automatically detect proxy settings. 
Follow the steps below to install CE certificate in Mozilla Firefox:
Type ‘about:preferences’ in the browser > Privacy and Security > Certificates > Certificates Manager > Authorities > Click Import button and import the CE certificate
Note: Ensure that the browser is set to automatically detect proxy settings (Go to Network Settings > Select Auto-detect proxy settings for this network)
The core functionality of Crystal Eye XDR’s Content Filter application is to enforce policy-based web filtering. Hence, content filter policy plays an important role to define what kind of online content to filter. The application comes with default policy settings, however, if required, customized content filter policies can also be created.
Here under the Policy Management page the CE administrators can create and name a content filter policy and then assign it to a particular IP address or MAC address. Creating a content filter policy primarily involves naming it and post that various content filter components are fine-tuned as per requirements.
Let’s learn how to create a content filter policy with the help of the following scenario:
The Crystal Eye XDR administrator, Ronald has been given the task to create different content filter policies for various departments of the organizations.
Below are the steps that Ronald would pursue to create a content filter policy for the Marketing team of his organization using the Content Filter application.
Step 1: Go to Security Configuration > Web Filter > Content Filter > Policy Management tab and click the Add Policy button.
Step 2: You will now see the Policy Name textbox. Enter the name of the Policy in the textbox (in our case we will name this content filter policy as ‘Marketing Department’).
Note: You will now see policy ‘marketing_department’ in the App Policies section. Click the Configure Policy button to manage various content filter components such as General Settings, Blacklists, Phrase Lists, MIME Types, File Extensions, Banned Sites, Gray Sites, and Exception Sites.
Step 3: Click the Edit button to customize the content filter policy.
The General Settings component of the content filter policy enables the administrator to define various parameters such as Dynamic Scan Sensitivity, Reporting Level, Virus Scan, Deep URL Analysis, Blanket Block, Blanket SSL/CONNECT block, Block IP Domains, Google Safe Search, YouTube Safe Search & Advertisement.
Dynamic Scan Sensitivity: This filtering parameter is used to define the sensitivity levels of how aggressively the content filter application will scan for an assigned phrase list and block the user.
There are three options that can be selected namely,
- Very Lax - if the content is to be filtered for adults
- Normal - if the content is to be filtered for mid-aged children
- Very Aggressive – if the content is to be filtered for small children
Reporting Level: The administrator can select options such as Stealth Mode, Short Report, Full Report, and Custom Report that defines what would happen if a content filter policy is violated.
- In Stealth Mode, the bad web link will be accessible but a log for the policy violation will be created.
- In Short Report mode, an error message will be displayed.
- In Full Report mode, an error message will be displayed specifying the actual value and weighted limit.
- In Custom Report mode, a customizable HTML page is displayed.
Virus Scan: Performs a simple virus scan.
Deep URL Analysis: On enabling this option, Crystal Eye scans web pages and URLs to check them against the selected Phrase Lists. The intensity of checking is determined by the Dynamic Scan Sensitivity setting as described under the General Settings section.
Blanket Block: This policy parameter is the most restrictive setting of the content filter application. On enabling this feature Crystal Eye will block all websites accessed from the client machine leaving the sites added to the Exception Sites List.
Blanket SSL/CONNECT Block: Enabling this feature will block SSL anonymous proxies without using SSL bump.
Block IP Domains: This feature prevents the users from using IP addresses of the banned URL to access the web link.
The Crystal Eye XDR administrator can blacklist all websites related to a specific subject for example, abortion, alcohol, cellphone and a lot more.
Note: Make sure that you run the CE XDR on Transparent_SSL or Explicit_SSL mode if you want to blacklist https websites.
How to Blacklist Websites Related to a Particular Subject?
Step 1: In the Content Filter application page, click the Policy Management tab and the Configure Policy button next to the policy that needs to be edited.
Step 2: You will now see the Policy page. Click the Edit button next to Blacklists.
Step 3: You will now see the Blacklists page. Select the categories that needs to be blacklisted.
There are a set of Phrase List categories that can be selected to filter relevant browsing content. Once this feature is activated, the Crystal Eye XDR would scan the browsing content for the selected phrase list based on the sensitivity levels opted in the Dynamic Scan Sensitivity section. The content filter application calculates a score for each web page based on the number of times a forbidden phrase is detected and then blocks the content accordingly.
Note: Make sure that you run the CE XDR on Transparent_SSL or Explicit_SSL mode if you want to block phrase list in https websites.
How to Select Phrase List to Block/Filter Content?
Step 1: Go to Security Configuration > Web Filter > Content Filter > **Policy Management tab***
Step 2: You will see the Policy page. Click on the Edit button next to Phrase Lists.
Step 3: You will now see the Phrase Lists page. Check the tick box next to the desired phrase category and click the Update button.
MIME Types are used by browser’s to recognize and display the contents of a file. Crystal Eye XDR’s content filter application rigorously scans MIME Types as they play an important role in providing instructions to the browser to use certain applications to display content. However, there could be instances when the applications itself are vulnerable to security exploits turning out to be a soft target for attackers resulting to compromised computers. Taking this into consideration certain MIME Types can be banned by the administrator which results to a blanket block of files containing those MIME Types. This promotes a robust security stance securing the network infrastructure.
How to Ban/Block MIME Types?
Step 1: Go to Security Configuration > Web Filter > Content Filter > Policy Management tab and click the Configure Policy button under the App Policies section.
Step 2: You will now see the Policies page. Click the Edit button next to MIME Types.
Step 3: You will now be directed to the MIME Types page. Check the tickbox next to the desired MIME Type and click the Update button.
This content filtering feature can be used to ban specific file extensions so that there are fewer chances of malicious codes and viruses being downloaded by the end users in the Crystal Eye network.
How to Ban/Block File Extensions?
Step 1: Go to Security Configuration > Web Filter > Content Filter > Policy Management tab and click the Configure Policy button under the App Policies section.
Step 2: You will now see the Policy page. Click the Edit button next to File Extensions.
Step 3: Check the tick box next to the File Extension and click the Update button.
The Banned Sites feature of the Content Filter application is used to block certain websites manually regardless of its content.
Note: Make sure that you run the CE XDR on Transparent_SSL or Explicit_SSL mode if you want to ban https websites.
How to Block a Website Manually Using the Banned Sites Feature of the Content Filter Application?
Step 1: Go to Security Configuration > Web Filter > Content Filter > Policy Management tab and click the Configure Policy button under the App Policies section.
Step 2: You will now see the Policy page. Click the Edit button next to Banned Sites.
Step 3: You will now see the Banned Sites section. Click the Add button.
Step 4: Enter the website name in the Site textbox and click the Add button.
Adding websites to the Gray Sites lists allows users to access some web pages of a blacklisted website which are not deemed inappropriate by the phrase list system.
So, for instance if the Crystal Eye XDR administrator blacklists news websites using the category-based blacklist feature of the app and then adds bbc.co.uk to the Gray Sites list then the end users will be allowed to access web pages of bbc.co.uk except for some naughty pages like this which are deemed inappropriate by the settings of the phrase list system..
Note: Make sure that you run the CE XDR on Transparent_SSL or Explicit_SSL mode if you want https content to be scanned and filtered.
How to Add Websites to the Gray Sites List?
Step 1: Go to Security Configuration > Web Filter > Content Filter > Policy Management tab and click the Configure Policy button under the App Policies section.
Step 2: You will now see the Policy page. Click the Edit button next to Gray Sites.
Step 3: Click the Add button.
Step 4: Enter the website name in the Site textbox and click the Add button.
The websites added in the Exception Sites list are automatically made accessible irrespective of the site’s content. An administrator might come across instances where a website could be wrongly blocked. In such cases, the Exception Sites feature does the job of overriding ‘false positives’.
How to Add a Website to the Exception Sites List?
Step 1: Go to Security Configuration > Web Filter > Content Filter > Policy Management tab and click the Configure Policy button under the App Policies section.
Step 2: You will now see the Policy page. Click the Edit button next to Exception Sites.
You will now see the list of default Exception Websites. However, you can also add a particular exception website to this list using the add feature.
Step 3: To add a new exception website, click the Add button in the Exception Sites page.
Step 4: Enter the exception website in the Site textbox and click the Add button.
An administrator can assign content filter policies to specific devices (IP addresses/MAC addresses) connected to the CE network. These policies can be created to filter both http and https traffic.
Note: Refer to Filtering HTTP/HTTPs Traffic to know how to configure CE’s Content Filter application to filter both http and https traffic simultaneously.
How to Assign a Content Filter Policy to a Specific Device (IP addresses/MAC addresses)?
Step 1: Go to Security Configuration > Web Filter > Content Filter > click Policy Management tab.
Step 2: You will now see the Policy Management page where all the devices will be listed in the Assign Policy to IP/MAC Address section.
Step 3: Click the Edit Policy button adjacent to the device MAC address, IP address and the hostname.
Step 4: You will now be directed to the Policy page. Select the Policy of your choice from the Policy Type dropdown and click the Update button.
Note: Refer to Naming & Creating a Content Filter Policy to know how to name a content filter policy. Also, refer to General, Settings, Blacklists, Phrase List, MIME Types, File Extensions, Banned Sites, Grey Sites, Exception Sites.
An authentication-based content filter policy can be enabled for selected users who have their devices connected to the Crystal Eye XDR. Once this policy is enabled, the user will be prompted to enter the user credentials every time a browser session is initiated.
Note: The username and password can be created from the users application.
How to activate authentication-based content filter policy?
Step 1: Go to Security Configuration > Advanced Firewall > click Traffic Rules tab.
Step 2: You will now see the Traffic Rules page. Click the Edit icon next to the Default Transparent Web Filter in the Rules section.
Step 3: You will see the Edit page.
- Change the content filter mode to Explicit or Explicit_SSL,
- Select the tick box next to Authentication
- Click the Update button
