How it works

Together, the URL database and ufdbGuard for Squid offer a unique set of features, all aimed at protecting your private network and reducing network bandwidth usage. These features include:
  • URL filtering
  • HTTPS proxy tunnel protection
  • Blocking adult images produced by search engines
  • Managing HTTPS traffic
Read on to find out how each of these features work for you.

URL filtering

There are three methods available to block unwanted web content:
  • Content scanning: this method blocks access to web pages based on the occurrence of “bad” words in the content.
  • Artificial Intelligence: a variant on content scanning, intended to render more accurate results.
  • Blacklists: this method blocks access to web pages based on their being listed in a website category to be blocked.
ufdbGuard for Squid uses the last method as the fastest and most accurate method for URL filtering available. To keep the URL database up to date, content of URLs is analysed on the server of URLfilterDB with two AI algorithms and in case the AI algorithms do not have sufficient confidence, a person will classify the URL.

Blocked content categories

URLfilterDB blocks the following categories of unwanted web content:
  • Adult & sexually explicit, including obscene content
  • Advertisements
  • AI chat
  • Alcohol
  • Alternative DNS
  • Arms
  • Audio & video
  • Chat
    subcategories: AIM, Ebuddy, Facebook, Google, ICQ, MSN, Skype, Whatsapp, Talkatone, Yahoo messenger
  • Dailymotion
  • Dating & Personals
  • DNS-over-HTTPS
  • Drugs
  • Education
  • Entertainment
  • External Applications
    subcategories: Citrix Online, iCloud, Telegram
  • Finance & Investment
  • Food
  • Forums
  • Gambling
  • Games
  • Hacking & Warez
  • Health
  • Housing
  • Job Search & Career Development
  • Malware   (includes URLs from abuse.ch)
  • Microsoft Data Collection
  • News
  • Parked domain
  • Peer-to-peer (P2P)
  • Personal weblogs & private home pages
  • Questionable Movies (movies and series with questionable legal status)
  • Religion
  • Search Engine
  • Shops
  • Social Networks
    subcategories: Badoo, Facebook, Google+, Twitter
  • Soft Drugs
  • Sports
  • Toolbars
  • Safe sites
    subcategories: Google Safebrowsing, Microsoft Smartscreen
  • Travel
  • Violence/Offensive & Hate
  • Vimeo
  • Web Proxies, anonymizers and all filter circumvention sites
    subcategories: Teamviewer, Silk (Amazon), UCweb, Puffin Browser, Translators
  • Web Radio
  • Web TV, includes all sites with lots of videos, including Youtube
  • Web-based email
  • Youtube
  • Browser-specific: Mozilla, Chrome

HTTPS proxy tunnel protection

HTTPS is a protocol that implements a strong encryption layer around the HTTP protocol. Data sent across the Internet using HTTPS is secure and cannot be decrypted and read by any eavesdropper. This makes HTTPS a useful protocol for secure online transactions.

Unfortunately, the HTTPS protocol also poses a security risk. As it encrypts all data sent between a client and a webserver, antivirus software cannot read the data exchanged to detect any viruses. HTTPS can also be used to set up a so-called "proxy tunnel" between a workstation on a protected network and any system on the Internet, thus opening up your network for unlimited and unauthorized data and document transfer. These proxy tunnels can also be used with reverse port forwarding (using SSH) to build an unauthorized connection from any system on the Internet into a protected network. Setting up a communication channel between an insecure environment and a private network is fairly easy. Most proxy server products (Squid, Netcache, iPlanet, etc.) do not guard against these proxy tunnels. Also, firewalls offer no protection against proxy tunnels. ufdbGuard helps to protect you network against proxy tunnels by probing URLs that use HTTPS!

Blocking adult images produced by search engines

Searching for images with search engines like Google, Yahoo, and MSN may allow users to view adult images. These cannot be blocked in a simple way, since it would be undesirable to block all images from a search engine. Several search engines offer a safe-search* feature, which blocks most adult images. Setting the safe-search parameter in ufdbGuard enforces the safe-search policies of these search engines. The default value for the parameter is ON. The safe-search feature enforces safe searches for the following search engines: A9, Alltheweb, Ask, BuscaMundo, Dogpile, Excite, Foxnews, Google, Hotbot, Infospace, Live, Lycos, Metacrawler, Metaspy, MSN, Webcrawler, Webfetch, ya.com, Yahoo.

Controlling HTTPS usage

Usually, websites that use HTTPS for legitimate reasons use a signed SSL certificate and a fully qualified domain name for maximum security and a clear identification of the website. In contrast, untrustworthy websites that use HTTPS will use self-signed SSL certificates and an IP address instead of a domain name. Therefore, ufdbGuard can be configured to control access to HTTPS websites using 2 settings:
  • enforce-https-with-hostname
  • enforce-https-official-certificate
By default, these settings are set to “ON” in the ufdbGuard.conf file. We recommend to keep these settings. In case that a legitimate website uses an IP address in the URL, or an SSL certificate that is not signed by a trusted authority, just add this site to the locally trusted websites.

Daily updates

To keep the database with URLs to be blocked up to date, ufdbGuard has a feature to recognize URLs that are not yet part of the URL database. These URLs are uploaded to be analysed and included in the URL database.

 

*  SafeSearch is a trademark of Google.