Allied Telesis AR Series Technical Manual page 21

Feature Overview
are not visible for processing. Instead the domain name specified in TLS SNI (Transport Layer
Security Server Name Indication) for each HTTPS request is used as the URL for matching.
The SNI field is contained within the Client Hello message supplied during the TLS handshake when
a client web browser first attempts to access a secure HTTPS server website. The SNI information is
supplied in clear-text, and represents the domain part of the URL of the HTTPS request. The SNI
field is used by secure web servers hosting multiple secure websites, and allows a secure web
server with a single public IP address to host multiple websites. It allows the secure web server to
supply the correct digital certificate containing the correct domain name(s) to the requesting web
browser client, so that the negotiation of the encrypted connection to the website can proceed.

If a whitelist match is found, the traffic will not be blocked (it will be logged if configured to do so).

If a blacklist match is found, the request will be dropped (and logged if configured to do so)—it
will not be forwarded to the destination.

If neither whitelist nor blacklist matches are found, the traffic will not be blocked.

Pattern checking stops as soon as a match is found. So if traffic matches any configured whitelist,
then it will be allowed though the device. Or if traffic matches any configured blacklist then it will
immediately be blocked. That same traffic will not be subsequently checked against additional
whitelists or blacklists.
For information about how to use URL Filtering, see
C613-22104-00 REV B
"Configuring URL filtering" on page
Advanced Network Protection
45.
|
URL filtering Page 21