Configuring filtering settings

Web Security Help | Web Security Solutions | Version 7.8.x

Related Topics:

Managing access to categories and protocols

Block Pages

Password override

Account override

Using Bandwidth Optimizer to manage bandwidth

Keyword-based policy enforcement

Use the Settings > General > Filtering page to establish basic settings for how Internet requests are handled.

Use the General Filtering section to determine how policies are applied to users when multiple group policies could apply; specify keyword search options; and set password override, account override, continue, and quota session behavior.

To determine how user requests are handled when multiple group policies apply, mark or clear Use most restrictive group policy (see Enforcement order).

When the option is selected, the policy that applies the most restrictive action is used. In other words, if one applicable group policy blocks access to a category and another permits access, the user's request for a site in that category is blocked.

When the option is not selected, the most permissive setting is used.

Select one of the following Keyword search options (see Keyword-based policy enforcement).


CGI only	Blocks sites when keywords appear in CGI query strings (after the "?" in a Web address). Example: search.yahoo.com/search?p=test Filtering Service does not search for keywords before the "?" when this is selected.
URL only	Blocks sites when keywords appear in the URL. If the requested address contains a CGI query string, Filtering Service searches for keywords up to the "?".
URL and CGI	Blocks sites when keywords appear anywhere in the address. If a CGI query string is present, Filtering Service searches for keywords both before and after the "?".
Disable keyword blocking	Use with caution. Disable keyword blocking turns off all keyword blocking, even if Block keywords is selected in a category filter.

In the Password override timeout field, enter the maximum number of seconds (up to 3600, default 60) that a user can access sites in all categories after selecting password override (see Password override).

In the Continue timeout field, enter the maximum time in seconds (up to 3600, default 60) that a user who clicks Continue can access sites in categories governed by the Confirm action (see Actions).

In the Account override timeout field, enter the maximum time in minutes (up to 3600, default 5) that a user is filtered by the policy assigned to the override account (see Account override).

In the Quota session length field, enter the interval (up to 60 minutes, default 10) during which users can visit sites in quota-limited categories (see Using quota time to limit Internet access).

A session begins when the user clicks the Use Quota Time button.

Enter the Default quota time per day (up to 240 minutes, default 60) for all users.

To change the quota time for individual users, go to the Policies > Clients page.

As you make changes to the quota session length and the default quota time per day, the Default quota sessions per day is calculated and displayed.

Under State Server, provide IPv4 address or hostname and Port information if:

Your environment includes multiple Websense Filtering Service instances, and

You use the Quota or Confirm actions, password override, or account override.

State Server tracks clients' quota, confirm, password override, and account override sessions to ensure that session time is allocated correctly across multiple Filtering Service instances (see Policy Server, Filtering Service, and State Server).

After entering State Server connection details, click Check Status to verify the connection. Configure State Server connection information for each Policy Server instance in your deployment.

Under Bandwidth Optimizer, enter the information needed to filter Internet usage based on available bandwidth. For more information about enforcing bandwidth-based Internet access, see Using Bandwidth Optimizer to manage bandwidth.


	Note In Websense Web Security Gateway Anywhere environments, no bandwidth-based restrictions are enforced on requests passing through the hybrid service.

To specify an Internet connection speed, do one of the following:

Select a standard speed from the drop-down list.

Enter the network speed in kilobits per second in the text field.

Enter the default thresholds to use when bandwidth-based actions are enforced. Note that when the thresholds are set, but no category or protocol filters include bandwidth-base actions, no bandwidth usage restriction occurs.

Network: When total network traffic reaches this percentage of total available bandwidth, start limiting access based on bandwidth, as configured in active filters.

Protocol: When traffic for a specific protocol (like HTTP or MSN Messenger) reaches this percentage of total available bandwidth, start restricting access to that protocol, as configured in active filters.

(Websense Web Security Gateway) Content Gateway can collect information about bandwidth consumed by HTTP traffic and protocols that tunnel over HTTP for use in reporting. To enable this option, mark Include bandwidth data collected by Websense Content Gateway.

Use the Block Messages section to enter the URL or path to the alternative HTML block page you created for the top frame of browser-based block messages (see Creating alternate block messages), or to configure Websense Web Security Gateway Anywhere to include a link to ACEInsight on block pages.

Separate pages can be used for the different protocols: FTP, HTTP (including HTTPS), and Gopher.

Leave these fields blank to use the default block message.

If you have created custom block pages, and want to use those block pages for all protocols, you can also use the fields in this section blank (see Customizing the block message).

In Websense Web Security Gateway Anywhere environments:

Custom block messages specified in the fields above are not applied to requests handled by the hybrid service.

Instead, use the Settings > Hybrid Configuration > User Access page to customize the hybrid block page (see Customizing hybrid block pages).

When a user clicks the ACEInsight link, the URL the user attempted to access is sent to ACEInsight and a web page is displayed showing ACEInsight analysis.

The URL sent to ACEInsight is truncated, to omit the CGI string (which could include a user name or password). As a result, ACEInsight does not analyze password-protected content, and may return different results than Content Gateway.

The ACEInsight link does not appear on hybrid block pages.

Under Search Filtering, select Enable search filtering to activate a setting built into certain search engines so thumbnail images and other explicit content associated with blocked sites are not displayed in search results (see Search filtering).

The search engines for which this feature is supported are displayed below the check box.

When you have finished configuring settings on this page, click OK to cache the changes. Changes are not implemented until you click Save and Deploy.