Rule Sets

Rule Sets are lists of web site categories, keywords, and actions that control how users can access the Internet.

rule-sets

The Lightspeed Systems Web Filter module comes with three built-in rule sets.

Built-In Rule Sets

  • DefaultCIPA-compliant filtered access to Internet content. Content categories such as Adult and Forums, and sites in the Security category are blocked, while most other categories are allowed. The Lightspeed Systems Web Filter module applies this Rule Set to anyone who is not assigned to any other Rule Set.
  • Allow All – Unfiltered access to all Internet content, including Adult, Forums, and Security category.
  • Block All – No Internet access. All categories are blocked.

You can create local exceptions to define different content for your users. For example, you may want to allow access to Webmail sites for teachers, but not students. You would create two different Content Filter Property Sets: One for teachers with Forums Webmail category allowed; and one for Students with Forums Webmail blocked. To simplify the process, you can use the three predefined Rule Sets as a starting point for your custom Rule Sets.

Creating a Rule Set

    • 1. From the Policy Management dashboard, click Rule Sets, and then click New Rule Set.
    • 2. In the New Rule Set form, enter a meaningful name and description.

new-rule-set

  • 3. Choose a rule set from the Copy Settings From dropdown list, and then click Save. This action populates your new rule set with allowed and blocked categories from the rule set you selected.
  • 4. On your new Rule Sets form, review and select options to apply for this Rule Set.
  • 5. Click Save.

Important:

Rule Sets are not active until you assign them. Use the Assignments page to see a list of policy assignments, change policy assignments, or add new policy assignments.

Search Engines

  • Filter image search thumbnails (Google and Bing) – Remove image thumbnails from search results from blocked content categories.
  • Force safe search (Google, YouTube and Bing) – Restrict all Google, YouTube, and Bing searches to enable their “safe search” feature.
  • Block Google HTTPS search (fail-safe) – Restrict all secure connection HTTPS searches on Google. (This blocks *.google.com). Learn more
  • Disable Google auto-complete – Check (select) this option to prevent Google instant search.
  • Allow YouTube for Schools – Allow only YouTube pages within the YouTube for Schools portal. You must have a YouTube for Schools code to enable this feature. Enter your code on the General page.
  • Select blocked search keywords to filter – Use the selected Block Search Keywords lists to filter search results.

Image Searches on Google Drive

If you block Unknown URLs, Domains and IP Addresses under Category Options thumbnails will not be displayed for image searches using the Research tool on Google Drive (formerly Google Docs). This is due to the fact that the Web Filter module expects a source URL or domain to be appended at the end of the search string, which the Google Drive Research tool does not provide.

Non-HTTP Traffic

  • Filter non-HTTP traffic by IP address – The Content Filter is designed to filter HTTP traffic; therefore, it has the ability to distinguish HTTP traffic from everything else. With this option enabled, the Content Filter will block the non-HTTP sessions (e.g., HTTPS, FTP, SMTP, etc.) with a destination IP address in a category that is set to “Block”.
  • Block non-HTTP traffic to unknown IP addresses – Similar to the above feature, when this option is enabled, the Content Filter will block any non-HTTP sessions with a destination IP address that is not categorized in the content database.

URL Patterns

The Content Filter can allow or block requests that match the selected lists of URL Patterns. Select the URL pattern list to use, then choose to block or allow requests from each list.

Note

URL pattern policies take precedence over force safe search and blocked keyword options.

Lockouts

The Lightspeed Systems Web Filter module temporarily locks out users who persistently try to visit blocked web sites. This feature was designed to help prevent content filter abuse. Locked out users lose their Internet access until the lockout expires. When this abusive behavior is detected, the abuser’s Internet access is blocked (based on IP) for a configurable amount of time. An optional email can also be sent to notify a responsible party that the Lockout has occurred.

Use the Lockouts report to view and manage locked-out users.

suspended

Because the Lockout options are configured in each Rule Set, you can apply different settings to various user groups and times of day.

  • Block internet access for: 15 minutes – Temporarily block the user from continued web access for X number of minutes. (Maximum 60 minutes, default of 15)
    • Alert Only – To send a notification and alert, without suspending the user’s internet access, set the Block Internet Access to 0 (zero) minutes.
  • Tolerance – A Lockout will occur when a user attempts to access a Lockout category more than X times in X seconds. (Maximum 60 seconds, default of 5 times in 60 seconds)
  • Email Notifications – Email notifications will be sent to the provided email addresses whenever a lockout occurs. Separate multiple addresses by comma. The email identifies the IP address. If the locked out machine is running the User Agent, the email will also identify the logged-in user.

worddav2e43e2562ec3c65a098a2f9fcd0936cd

Lockouts Video

Access Page

The Access Page is the page that is presented to users when they attempt to visit a blocked site. You can configure override access and custom access pages for custom user lists or your entire organization.

access-page-table

  • Override duration – Use the slider to set the override duration, which can be from 15 to 120 minutes.
  • Require username and password to override – Select (check) this option to require users to enter their network login and password to unblock the requested web site.
  • Restrict username account to override access list – Check (select) this option and then select the list from dropdown list. If you use an override list, the required username entered must match an entry in the selected list in order to have access to perform the override. If you do not use an override list, the required username entered must match the current known user identity. This is to ensure the user performing the override is the same user who was redirected to the access page.
  • Allow users to submit blocked websites for review – This option allows users to click a link to submit the requested site to Lightspeed Systems staff for review and recategorization.
  • Require email address and review reason – You can also require users to submit their email address and review reason. If you enable this option users will be presented with a form they can complete.
  • Use custom access page – To enable a custom access page check (select) the checkbox and select the custom access page from the dropdown list.

See Override Users for more information about creating custom override users lists.

Blocked for Review Video

Category Options

You can set options for each content category, as well as for local categories.

worddav7a739855af1cc5085ce18c7e997b4e65

  • Allow/Block – Use the toggle to allow access for each content category.
  • Overrides – Select (check) to apply this rule set’s Override settings so users can visit web sites that would otherwise be blocked.
  • Lockout – Select (check) to apply this rule set’s Lockout settings to temporarily block Internet access for users who persistently try to visit blocked web sites.
  • File Extensions – (Optional) Open the dropdown menu to select a Blocked File Extensions list to this content category.

See a full list of Lightspeed Systems categories and their descriptions on the Database Categories page.

Tag: Ruleset, rulesets, rule set, rule sets