How it works
Together, the URL database and ufdbGuard for Squid offer a unique set of features, all aimed at protecting your private network and reducing network bandwidth usage. These features include:
URL filteringThere are three methods available to block unwanted web content:
Blocked content categoriesURLfilterDB blocks the following categories of unwanted web content:
HTTPS proxy tunnel protectionHTTPS is a protocol that implements a strong encryption layer around the HTTP protocol. Data sent across the Internet using HTTPS is secure and cannot be decrypted and read by any eavesdropper. This makes HTTPS a useful protocol for secure online transactions.Unfortunately, the HTTPS protocol also poses a security risk. As it encrypts all data sent between a client and a webserver, antivirus software cannot read the data exchanged to detect any viruses. HTTPS can also be used to set up a so-called "proxy tunnel" between a workstation on a protected network and any system on the Internet, thus opening up your network for unlimited and unauthorized data and document transfer. These proxy tunnels can also be used with reverse port forwarding (using SSH) to build an unauthorized connection from any system on the Internet into a protected network. Setting up a communication channel between an insecure environment and a private network is fairly easy. Most proxy server products (Squid, Netcache, iPlanet, etc.) do not guard against these proxy tunnels. Also, firewalls offer no protection against proxy tunnels. ufdbGuard helps to protect you network against proxy tunnels by probing URLs that use HTTPS! Blocking adult images produced by search enginesSearching for images with search engines like Google, Yahoo, and MSN may allow users to view adult images. These cannot be blocked in a simple way, since it would be undesirable to block all images from a search engine. Several search engines offer a safe-search* feature, which blocks most adult images. Setting the safe-search parameter in ufdbGuard enforces the safe-search policies of these search engines. The default value for the parameter is ON. The safe-search feature enforces safe searches for the following search engines: A9, Alltheweb, Ask, BuscaMundo, Dogpile, Excite, Foxnews, Google, Hotbot, Infospace, Live, Lycos, Metacrawler, Metaspy, MSN, Webcrawler, Webfetch, ya.com, Yahoo.Controlling HTTPS usageUsually, websites that use HTTPS for legitimate reasons use a signed SSL certificate and a fully qualified domain name for maximum security and a clear identification of the website. In contrast, untrustworthy websites that use HTTPS will use self-signed SSL certificates and an IP address instead of a domain name. Therefore, ufdbGuard can be configured to control access to HTTPS websites using 2 settings:
Daily updatesTo keep the database with URLs to be blocked up to date, ufdbGuard has a feature to recognize URLs that are not yet part of the URL database. These URLs are uploaded to be analysed and included in the URL database. * SafeSearch is a trademark of Google. |