Using remote filtering software

Web Security Help | Web Security Solutions | Version 7.8.x

By default, remote filtering software components monitor HTTP, SSL, and FTP traffic and apply a user-based policy or the Default policy. Remote filtering software does not apply policies to IP addresses (computers or network ranges).

Bandwidth restrictions are not applied to remote filtering clients, and bandwidth generated by remote filtering traffic is not included in bandwidth measurements and reports.

Remote filtering software can only block or permit FTP and SSL (HTTPS) requests. FTP and HTTPS sites in categories assigned the quota or confirm action are blocked when the user is outside the network.

While remote filtering software always monitors HTTP traffic, you can configure it to ignore FTP traffic, HTTPS traffic, or both. See Configure remote filtering to ignore FTP or HTTPS traffic.

Remote filtering software includes the following components:

Remote Filtering Server is installed inside your network's outermost firewall, and configured so that filtered machines outside the network can communicate with it.

Remote Filtering Client is installed on Microsoft Windows machines that are used outside the network.


	Note Follow the recommendations in the Deployment and Installation Center carefully to deploy these components. See the Remote Filtering Software technical paper for instructions on installing them.

All communication between Remote Filtering Client and Remote Filtering Server is authenticated and encrypted.

By default, when an HTTP, SSL, or FTP request is made from a machine with Remote Filtering Client installed:

The client first determines whether or not it is inside the network by sending a heartbeat to the Remote Filtering Server in the DMZ.

If the machine is inside the network, Remote Filtering Client takes no action. The request is passed to Network Agent or an integration product, and filtered like other in-network Internet activity.

If the machine is outside the network, Remote Filtering Client communicates with Remote Filtering Server over the configured port (80, by default).

Remote Filtering Server then contacts Filtering Service (installed inside the network) to ask what action to apply to the request.

Filtering Service evaluates the request and sends a response to Remote Filtering Server.

Finally, Remote Filtering Server responds to Remote Filtering Client, either permitting the site or sending the appropriate block message.

Complete information about planning for, deploying, and configuring remote filtering software is available in the Remote Filtering Software technical paper, available from the support.websense.com.