How To Set up Client Web Access Filtering

Last Updated: May 17, 2012 05:02PM CDT

Content filtering in atomOS relies upon the use of the Web Proxy feature, which can be found in the menu system under Network Services / Managed Access.
Click 'Enable Web Proxy Service' and save the setting by clicking 'Save' at the bottom of the page. Click on the 'Web Proxy' menu item to refresh the new menus. 
Once the Web Proxy service is enabled, several related services will be started:
  • Download and population of the URL Classification Database. Depending upon the connection speed to the internet, it may take a few minutes to complete the initial population.
  • The configuration menu for creating Access Control Lists will become available.
  • Port 3128 (by default) will become available for client proxy connections.

In order for the proxy services and filtering to work properly, client machines must be configured to use proxy services, either at the system or browser level. Use of the proxy connection can be restricted by using filter rules, and it is recommended that, once the network administrator mandates use of the proxy, a firewall block rule for HTTP be created for LAN connections. Creation of Firewall Filter Rules is detailed in a separate document.

There are several advantages to the use of the Web Proxy Service:
  • Traffic is cached, which enhances performance on the client side. The cache settings are completely configurable based upon the user environment.
  • Allows the administrator to control source IPs and MAC IDs.
  • Traffic can be allowed to travel to controlled destination Ports, IPs, specific URLs, or a defined URL Classification.
  • Conversely, traffic can also be blocked by the same criteria.
  • Traffic can be controlled by day of week or time of day, or any combination thereof.
  • Specific rules can also be logged to track client-side behaviors.

By itself, the Web Proxy service provides a powerful and easy-to-maintain measure of control over client behaviors.
Once the Web Proxy Service is enabled, it is important to create at least one Access Control List (ACL) rule that allows traffic to pass through the proxy. By default, if there are no ACL rules, all traffic is blocked by the proxy service. This is done in the interest of security.

To create a new ACL:
  • Click on the Access Lists menu.
  • Click on the green Plus button.
  • The only 'required' field is the Rule Name. All other fields will default to an 'allow' state for ease of initial configuration.
  • As more rules are created, various combinations of configuration parameters can be set, allowing for a great deal of flexibility in creating the controlled environment.
  • ACLs are processed in an ordinal fashion - meaning that the first rule which meets the specified parameters will be processed and further rules will be ignored.
  • ACLs can be reorganized in the interface by using a combination of the checkbox and the left-arrow button.
  • ACLs can be edited and reordered at any time; the changes take effect when the 'Apply Changes' button is selected.
  • It is recommended that the rules be ordered from most-restrictive to least-restrictive so that traffic is controlled as expected.
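
The first-match processing and the default block described above can be modeled as follows. This is an added example, not atomOS code: the `Rule` fields, the rule names, the `social` category and the LAN range are assumptions made for illustration. It evaluates the same two rules in both orders and flags any rule that a single earlier rule makes unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    # Hypothetical rule model; field names are assumptions, not atomOS's schema.
    # A field left as None matches anything.
    name: str
    action: str                      # "allow" or "block"
    src: Optional[str] = None        # source network, CIDR
    category: Optional[str] = None   # URL classification
    hours: Optional[range] = None    # active hours of the day

    def matches(self, src_ip, category, hour):
        return ((self.src is None or ip_address(src_ip) in ip_network(self.src))
                and (self.category is None or self.category == category)
                and (self.hours is None or hour in self.hours))

def evaluate(rules, src_ip, category, hour):
    """First matching rule wins; with no match (or no rules) traffic is blocked."""
    for rule in rules:
        if rule.matches(src_ip, category, hour):
            return rule.action, rule.name
    return "block", "(no rule matched)"

def shadowed(rules):
    """Names of rules that can never fire because one earlier rule covers them."""
    def covers(a, b):  # True if a matches every request that b matches
        return ((a.src is None or (b.src is not None and
                 ip_network(b.src).subnet_of(ip_network(a.src))))
                and (a.category is None or a.category == b.category)
                and (a.hours is None or (b.hours is not None and
                     set(b.hours) <= set(a.hours))))
    return [b.name for i, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:i])]

# Constructed sample rules for a LAN of 192.168.1.0/24.
LAN = "192.168.1.0/24"
allow_lan = Rule("allow-lan", "allow", src=LAN)
block_social = Rule("block-social-office-hours", "block", src=LAN,
                    category="social", hours=range(9, 17))
BAD_ORDER = [allow_lan, block_social]    # broad allow first
GOOD_ORDER = [block_social, allow_lan]   # most restrictive first

if __name__ == "__main__":
    for label, rules in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        print(label, evaluate(rules, "192.168.1.20", "social", 10), shadowed(rules))
```

With the broad allow rule first, the block rule is reported as shadowed and the request is allowed; reversing the order blocks it during the configured hours only.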

To include URL Classification lists, go to the URL Classification screen and enable the desired categories by clicking on each. In the interest of enhanced performance, only enable those URLs that are likely to be incorporated into an ACL rule.

Please submit additional questions to <support@atomampd.com>.
How to Set Up Client Web Access Filtering

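Content filtering in atomOS relies on the Web Proxy feature, which can be found under Network Services / Managed Access.
Click 'Enable Web Proxy Service' and save the setting by clicking the 'Save' button at the bottom of the page. Click the 'Web Proxy' button to refresh the new menus.
Once the Web Proxy service is enabled, a number of related services will start:
  • Download and population of the URL Classification Database. Depending on the speed of the internet connection, the initial population will take a few minutes.
  • The configuration menu for Access Control Lists will be displayed.
  • Port 3128 (by default) will become available for client proxy connections.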

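For the proxy and filtering services to work properly, client machines must be configured to use the proxy service, at the system and browser level. Use of the proxy connection can be restricted by filter rules, and it is recommended that, once the network administrator mandates use of the proxy, a firewall block rule for HTTP be created for LAN connections. The details of firewall block rules are covered in a separate document.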


Advantages of using the Web Proxy Service:

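  • Traffic is cached, which improves performance for clients. The cache settings are based entirely on the user's environment.
  • Allows the administrator to control source IPs and MAC IDs.
  • Traffic can be allowed to reach controlled ports, IPs, specific URLs, or a defined URL classification.
  • Conversely, traffic can also be blocked by the same criteria.
  • Traffic can be controlled by day, by hour, or by any combination of these.
  • Specific rules can also track client-side behavior.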

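On its own, the Web Proxy service provides a powerful and simple way to control client behavior.
Once the Web Proxy Service is enabled, it is necessary to create at least one Access Control List (ACL) rule that allows traffic to pass through the proxy. By default, if there are no ACL rules, all traffic is blocked by the proxy. This is done for security.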

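To create a new Access Control List:
  • Click on the Access Lists menu.
  • Click on the green plus button.
  • The only 'required' field is the Rule Name. All other fields default to 'allow', which simplifies initial configuration.
  • As more rules are created, many combinations of configuration parameters can be set, allowing a great deal of flexibility in creating the controlled environment.
  • ACLs are processed in order, meaning that the first rule that meets the specified parameters is applied and the other rules are ignored.
  • ACLs can be reorganized in the interface using a combination of the checkbox and the left-arrow button.
  • ACLs can be edited and reordered at any time; the changes take effect when 'Apply Changes' is selected.
  • It is recommended that rules be ordered from most restrictive to least restrictive so that traffic is controlled as expected.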

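To include URL Classification lists, go to the URL Classification screen and enable the desired categories by clicking on each. To improve performance, enable only those URLs that are likely to be included in an ACL rule.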


For further questions, please write to <support@atomampd.com>.
