Configure > Security > Access Control > Filtering
Filtering rules can be used to:
- Deny or allow URL requests
- Insert custom headers
- Allow specified applications, or requests to specified websites to bypass user authentication
- Keep or strip header information from client requests
- Prevent specified applications from transiting the proxy
Rules are ordered checked prior to user authentication (if configured). Rules are applied based on first match in a top-down traversal of the list. If no rule matches, the request is allowed to proceed.
Rules are stored in filter.config.
After adding, deleting, or modifying a rule, restart Content Gateway.
For complete information about filtering rules, see Content Gateway filtering rules.
Filtering |
Displays an ordered list of filtering rules. Three filtering rules are configured by default. The first denies traffic on port 25 to all destinations. The second and third bypass user authentication for connections to 2 file sandbox destinations. |
Refresh | Updates the table to display the most up-to-date rules in the filter.config file. |
Edit File |
Opens the configuration file editor for the filter.config file. |
filter.config Configuration File Editor | |
rule display box | Lists the rules currently stored in filter.config. Select a rule to edit it. The buttons on the left of the box allow you to delete or move the selected rule up or down in the list. |
Add | Adds a new rule to the rule display box at the top of the configuration file editor page. Click Add after selecting or entering values for the rule. |
Set | Updates the rule display box at the top of the configuration file editor page. |
Rule Type |
Specifies the rule type: Select allow to allow particular URL requests to bypass authentication. Select deny to deny requests for objects from specific destinations. When a request is denied, the client receives an access denied message. Select keep_hdr to specify which client request header information you want to keep. Select strip_hdr to specify which client request header information you want to strip. Select add_hdr to cause a custom header to be added to the request. This rule type requires that values be defined for Custom Header and Header Value. Add custom headers to satisfy specific requirements of a destination domain. See Content Gateway filtering rules. The radius rule type is not supported. |
Primary Destination Type |
Lists the primary destination types: dest_domain is a requested domain name. dest_host is a requested host name. dest_ip is a requested IP address. url_regex is a regular expression to be found in a URL. |
Primary Destination Value | Specifies the value of the Primary Destination Type. For example, if the Primary Destination Type is dest_ip, the value for this field might be 123.456.78.9. |
Additional Specifiers: Header Type |
Specifies the client request header information that you want to keep or strip. This option applies to only keep_hdr or strip_hdr rule types. |
Additional Specifiers: Realm (optional) | Not supported. |
Additional Specifiers: Proxy Port (optional) | Specifies the proxy port to match for this rule. |
Additional Specifiers: Custom Header (optional) | For use when the rule type is add_hdr. Specifies the custom header name that the destination domain expects to find in the request. |
Additional Specifiers: Header Value (optional) | For use when the rule type is add_hdr. Specifies the custom header value that the destination domain expects to be paired with the custom header. |
Secondary Specifiers: Time | Specifies a time range, such as 08:00-14:00. |
Secondary Specifiers: Prefix | Specifies a prefix in the path part of a URL. |
Secondary Specifiers: Suffix | Specifies a file suffix in the URL. |
Secondary Specifiers: Source IP | Specifies the IP address of the client. |
Secondary Specifiers: Port | Specifies the port in a requested URL. |
Secondary Specifiers: Method |
Specifies a request URL method:
|
Secondary Specifiers: Scheme |
Specifies the protocol of a requested URL. Options are:
rtsp and mms are not supported. |
Secondary Specifiers: User-Agent |
Specifies the Request header User-Agent value. Use this field to create application filtering rules that:
|
Apply | Applies the configuration changes. |
Close |
Exits the configuration file editor. Click Apply before you click Close; otherwise, all configuration changes will be lost. |