|
Title: Content Filter priority question & problem. Post by: mxnerd on Wednesday 19 May 2010, 01:42:23 pm I tried to configure Content Filter to filter some websites, allowing only a specific period of time of the day to visit these websites. And I want to block some websites completely, both for some specific machines, ex. 192.168.1.20 & 192.168.1.21
So I created 1. Content Filter 1, let's say blocking facebook.com during 12:00 AM to 8:00 PM, so facebook.com is in the blacklist 2. Content Filter 2, let's say blocking porn.com completely so porn.com is in the blacklist 1. Policy 1 - apply Content Filter 1 for both machines 192.168.1.20 & 192.168.1.21 2. Policy 2 - apply Content Filter 2 for both machines 192.168.1.20 & 192.168.1.21 During 8:00PM - 12:00AM, users are able to access facebook.com, but not porn.com. But after 12:00 AM, users are blocked from visiting facebook.com yet are able to visit porn.com! If I swapped the Access Policy priority, then users can't visit porn.com yet will be able to visit facebook.com after 12:00AM, so the situation also swapped! Why is that and how can I fix it? Title: Re: Content Filter priority question & problem. Post by: mrkroket on Thursday 20 May 2010, 03:54:56 am Rules are applied in order. If one website comply one rule, and rule is accept, then the website is allowed (there is no further checking).
So you must define the most restrictive rules first, and after that the least restrictive ones. Make sure your policy #1 are not allowing porn.com. Another option is create a domain blacklist rule without any Content Filter associated. Make a rule #1, Source:ALL Destination Type: Domain Insert Domains: .porn.com (it's really important the dot at the start of the domain!!) Access Policy: Deny Make a rule #2, Source:ALL Destination Type: Domain Insert Domains: .facebook.com Time Restrictions:From 12AM to 8PM Access Policy: Deny Make a rule #3, Source:ALL Destination Type: ANY Filter Profile:The one you want Access Policy: Accept This way you'll block .porn.com at anytime and .facebook.com at workhours. After that, the Content filter is applied. You can also remove the rule #1 and add it inside Content filter of rule #3, having only 2 rules. I like the 3 rules way because is more visual, you easily see the blocked websites, and it's independent to the Content Filter. Title: Re: Content Filter priority question & problem. Post by: mxnerd on Thursday 20 May 2010, 11:15:39 am Thanks mrkroket !
Your option 2 solution is much easier. It works perfectly now. ;D Highly appreciated. ;) |