ZyXEL Communications USG FLEX H Series User Manual page 244

Content Filtering Profiles
A content filtering profile conveniently stores your custom settings for the following features.
• Category-based Blocking
The Zyxel Device can block access to particular categories of web site content, such as pornography
or racial intolerance.
• Customize Web Site Access
You can specify URLs to which the Zyxel Device blocks access. You can alternatively block access to
all URLs except ones that you specify. You can also have the Zyxel Device block access to URLs that
contain particular keywords.
HTTP(S) Traffic Scanning Configuration Guidelines
When the Zyxel Device receives an HTTP request, the content filter searches for a policy that matches
the source address and time (schedule). The content filter checks the policies in order (based on the
policy numbers). When a matching policy is found, the content filter allows or blocks the request
depending on the settings of the filtering profile specified by the policy. Some requests may not match
any policy. The Zyxel Device allows the request if the default policy is not set to block. The Zyxel Device
blocks the request if the default policy is set to block.
HTTPS Domain Filter
HTTPS Domain Filter works with the Content Filter category feature to identify HTTPS traffic and take
appropriate action. SSL Inspection identifies HTTPS traffic for all Security Service traffic and has higher
priority than HTTPS Domain Filter. HTTPS Domain Filter only identifies keywords in the domain name of an
URL and matches it to a category. For example, if the keyword is 'picture' and the URL is http://
www.google.com/picture/index.htm, then HTTPS Domain Filter cannot identify 'picture' because that
keyword in not in the domain name 'www.google.com'. However, SSL Inspection can identify 'picture' in
the URL http://www.google.com/picture/index.htm.
Keyword Blocking URL Checking
The Zyxel Device checks the URL's domain name (or IP address) and file path separately when
performing keyword blocking.
The URL's domain name or IP address is the characters that come before the first slash in the URL. For
example, with the URL www.zyxel.com.tw/news/pressroom.php, the domain name is
www.zyxel.com.tw.
The file path is the characters that come after the first slash in the URL. For example, with the URL
www.zyxel.com.tw/news/pressroom.php, the file path is news/pressroom.php.
Since the Zyxel Device checks the URL's domain name (or IP address) and file path separately, it will not
find items that go across the two. For example, with the URL www.zyxel.com.tw/news/pressroom.php,
the Zyxel Device would find "tw" in the domain name (www.zyxel.com.tw). It would also find "news" in
the file path (news/pressroom.php) but it would not find "tw/news".
DNS Domain Scan
The DNS Domain Scan allows the Zyxel Device to block access to specific websites by inspecting DNS
queries made by users on your network. If the website in the DNS query contains prohibited material,
Chapter 16 Content Filtering
USG FLEX H Series User's Guide
244