12.4. URL Filter

The URL filter can block pages based on the URL or IP. Access control takes place using proxy profiles. These are either assigned directly to the network object (see Section 9.3, „Access Rights of a Network Object“) or by proxy authentication through the rights of the logged in user (see Section 14.1.1, „Access Rights“).

12.4.1. Proxy Profile

Proxy profiles are configured under Services > Proxy > Profiles. Multiple proxy access lists are combined into one profile.

The following rules apply to grouping.

  • If multiple blacklists (marked with "-") are combined, all of their pages are blocked

  • If multiple whitelists (marked with "+") are combined, all pages that are not contained in at least one whitelist are blocked

  • If both whitelists and blacklists are combined, all pages contained in the blacklists are blocked. If a page is contained in both a whitelist and a blacklist, it is not blocked

12.4.2. Proxy Access Lists

Access lists are managed under Services > Proxy > Access lists. An access list can either be uploaded (for large lists), edited directly in the browser (for smaller lists) or pre-defined. There are also 3 different types of list:

Domain or URLthis option blocks (or allows) a complete domain or URL. For example: "www.sex.com/offer" will explicitly block access to only "www.sex.com/offer" and not e.g. www.sex.com/free
Wildcardthe well-known wildcard "*" can be used to recognize parts of the URL. Example: "*.mp3" - blocks access to all URLs that end with ".mp3". "*sex*" - blocks access to all URLs that contain "sex" in any part of the URL
Regular Expressionthe URLs are checked by POSIX regular expressions. This is only for experts with prior experience

If the Ban IP addresses of URLs option has been activated under Services > Proxy > Settings, all domain names in the access lists are resolved and the corresponding IPs are also blocked. This means that it is not possible to bypass the URL filter by entering an IP.

12.4.3. Time Management

It is possible to configure the proxy in such a way that it blocks or releases different pages depending on the time of day and the day of the week. In this way, private websites can be accessed outside of normal working hours or during breaks.

To do this, first define the desired time periods under Services > Proxy > Times. When using blacklists, we recommend creating a time profile for the restricted times (for example, "main working time").

Afterwards, under Services > Proxy > Profiles a profile can be created so that some of the access lists only apply at certain times. To do this, select a time profile from the Time profile dropdown menu , then select the appropriate access list and click < to add it to the profile.

For example, if erotic pages should never be accessible, but webmail services can be available just outside of normal working hours, add the "erotic" blacklist to the Anytime time profile, and the "mail access" blacklist to the Main working time time profile.

Note that one proxy profile can only ever contain 2 different time blocks: Anytime and one definable time profile.