Use the General page to configure the basic functions of the Web Filter module. Click Save to save any changes you make.
Decode SSL Certificates – Through various methods, including (among others) decoding of SSL Certificates and SNI extension to TLS, the Lightspeed Systems Web Filter can determine the site that a user is attempting to visit through SSL. The Lightspeed Systems Web Filter looks up the host in the database, and applies the appropriate policies.
Because of the nature of SSL traffic, the Lightspeed Systems Rocket does not display the Access Page when blocking an HTTPS session.
A detailed technical discussion of SSL is outside the scope of this document. For technical information on SSL and related security topics, refer to the Wikipedia article on Transport Layer Security here.
Bypass on failure – This setting controls how the Lightspeed Systems Web Filter should handle traffic in the event of hardware or software failure, or power loss. Select (check) this check box to allow unfiltered traffic to pass through the network interfaces. Unselect (uncheck) to block all traffic and disable all Internet access.
Block P2P networks – Peer to Peer (P2P) protocols such as BitTorrent and Skype can use up large amounts of bandwidth. They can also be a source of unwanted content such as viruses, trojans, inappropriate or infringing downloads. Select (check) this check box to block all unidentified UDP traffic. Enabling this option will block Skype, UltraSurf type traffic, and file-sharing networks such as BitTorrent.
Warning: Possible overblocking with the Block P2P networks option.
Enabling the Block P2P networks option could cause overblocking. Therefore, to prevent this, Lightspeed Systems recommends that you use P2P exclusions to allow specific traffic.
Block proxied requests – Users often attempt to bypass content filters by connecting to a proxy server, which disguises or encrypts traffic to escape detection. The Lightspeed Systems Web Filter uses advanced proxy detection and traffic analysis to block known and unknown proxy servers. Select (check) this check box to block proxy server connections.
If you enabled the Block P2P networks option above you can use this table to exclude specified external IP addresses of peer-to-peer (P2P) sites.
Perform the following to add a new P2P exclusion list.
- 1. Click Add P2P Exclusion. The following will be displayed.
- 2. Enter the external IP address range, or check (select) All External IPv4 Addresses, or check (select) All External IPv6 Addresses, or check (select) All External IPv4 Addresses and check (select) All External IPv6 Addresses.
- 3. Enter the port number or check (select) All Ports.
- 4. Optional. Enter a meaningful description in the Comment field.
- 5. Click Save.
Disable Google encrypted search – Select this option to disallow access to Google’s encrypted search page, and redirect users to non-encrypted searches. Please note this option also applies to compatible Mobile Filter clients.
Enforce Google Safe Search – Select this option to redirect www.google.com requests to forcesafesearch.google.com. Please note although traffic will still be HTTPS, Google SafeSearch will be enforced.
Enforce YouTube Restricted Mode – Select this option to redirect www.youtube.com requests to forcesafetymode.youtube.com. Please note that traffic will still be HTTPS but YouTube safety mode will be enforced.
Important: While this is enforced within any browser accessing YouTube, the iOS YouTube app connects to Google through a method that does not provide unfiltered search results. To block the iOS YouTube app, add the URL pattern *googleapis.com/youtube/v1/search* to your Local-Block list.
Secure access page – Check (select) this option to force HTTPS when redirecting web requests to the access page.
YouTube for Schools Code – If your school is a member of YouTube’s EDU portal, enter your YouTube EDU code here.
YouTube EDU Codes
Please refer to Google’s YouTube EDU help page for more information.
Blocked Website Reviewers
As described in Rule Sets you can allow users to submit blocked sites for administrative review. To enable this option, you need to specify one or more destination email addresses for the review request messages. This should be the email address of a user with sufficient access to visit blocked web sites to determine the validity of the review request.
Enter the email addresses for your content reviewers in this field. Use commas to separate multiple email addresses.