ESoft Web Filter
From UntangleWiki
About ESoft Web Filter
ESoft Web Filter offers everything that Web Filter, another Untangle Server product, does and more. ESoft Web Filter appeals to customers who require an added level of protection or are subject to regulations. For example, ESoft Web Filter helps libraries comply with the Children's Internet Protection Act; equally important, ESoft Web Filter helps schools control hate speech. Pornography is still a big workplace productivity problem for companies, and ESoft Web Filter's categorization is a great solution for this problem.
The main technical differences between these products are that ESoft Web Filter offers:
- Real-time classification and updates. Web Filter uses a community-based approach whereby a large base of Web Filter users and Untangle itself categorize URLs. ESoft Web Filter, however, combines human beings with sophisticated web crawlers. ESoft Web Filter runs web crawlers throughout the day. If ESoft Web Filter's web crawlers detect a new site, or if you visit a site that ESoft Web Filter doesn't know about, it immediately analyzes the site, then does the following:
- (Robot) If ESoft Web Filter's engine can identify the content with high probability, it will categorize it.
- (Human being) If ESoft Web Filter's engine cannot identify the content with high probability, then a human being will immediately categorize it.
ESoft Web Filter's techniques result in more categorization (over 100,000 URLs daily), more accuracy, and faster turnaround time. When ESoft identifies a malicious website, ESoft customers get the update within seconds. Time is essential in web content filters because new websites go live very quickly.
- Categorize HTTPS traffic by IP address. Untangle can block a site via its URL or via the IP address of the web site. Since secure websites cannot be scanned, this feature tries to use reverse DNS to figure out the category. (If https appears in the URL, then you know it's a secure site.) If it cannot resolve, this option will block inbound and outbound SSL traffic on port 443.
So, for example, when you log on to your online banking account to view a statement, a secure site prevents others on the network from capturing private information such as your username and password. But there's a dirty little secret that's known to those who want to bypass web filters: the web site is set up as a secure site, a tactic often used in the pornography industry. ESoft Web Filter easily responds to this tactic because it can also categorize by IP address, which is always known. This feature is implemented via the ESoft Web Filter Scan HTTPS check box.
- Detailed categorization. Web Filter does a good job categorizing, but ESoft Web Filter offers over 53 categories. The abundance of categories means that you can narrow your scope. For example, maybe you want to block websites related to Dating, but not Social Networking. You can do so with ESoft Web Filter.
Blocking Web Content for Specific Websites
The default Block List blocks most undesirable content based on subject matter or categories. You also have the option to add specific websites, using the following procedure.
To block a specific website:
- From ESoft Web Filter, click the Block Lists tab.
- In the Sites area, click the manage list button.
- In the table, click the add (+) button to the left of the table.
- In the new entry, add the URL that you want to block.
- Click the Update button, then Save.
Tip: If you want to temporarily unblock this website later, deselect the block check box.
Unblocking Web Content for Specific Websites
To unblock a specific URL blocked by a category:
- From ESoft Web Filter, click the Pass Lists tab.
- In the Sites area, click the manage list button.
- In the table, do one of the following:
- If the URL that you want to unblock appears in the table, select the pass check box for that URL.
- If you need to add a new URL, click the add (+) button to the left of the table, and in the new entry, add the URL that you want to unblock.
- Click the Update button, then Save.
To unblock a specific URL blocked by a user-defined URL:
- From ESoft Web Filter, click the Block Lists tab.
- In the Sites area, click the manage list button.
- In the table, locate an existing URL that you want to unblock, and clear the block check box, or simply delete the row.
- Click the Update button, then Save.
Unblocking Web Content by Subject Matter
To unblock web content by category:
- From ESoft Web Filter, click the Block Lists tab.
- In the Categories area, click the manage list button.
- In the table and for the category that you want to unblock, clear the check box for either block or log or both.
- Click the Update button, then Save.
Unblocking Web Content for Specific Users
To unblock for specific users:
If you only have a few users that need to bypass web filter controls, consider using pass lists, not a separate virtual rack.
Before You Begin: Assign the user a static IP address. If the Untangle Server is your router, go to Assigning Network Computers Static IP Addresses.
- From ESoft Web Filter, click the Pass Lists tab.
- In the IP addresses area, click the manage list button.
- In the table, select the add (+) button. A new row appears.
- In the IP address/range text box, specify the computer IP address and subnet mask of the user that you want to be exempt from the web filter.
- Click the Update button, then Save.
Blocking Web Content by MIME Type
To block by MIME type:
- From ESoft Web Filter, click the Block Lists tab, and click the MIME Types tab.
- In the table, do one of the following:
- If the MIME type that you want to block appears in the table, select the block check box for that MIME type.
- If you need to add a new MIME type, click the add (+) button to the left of the table, and in the new entry, add the MIME type that you want to block.
- Click the Update button, then Save.
Blocking Web Content by File Type
To block content by file extension:
- From ESoft Web Filter, click the Block Lists tab.
- In the File Types area, click the manage lists button.
- In the table, do one of the following:
- If the file type that you want to block already appears in the table, select the block or log check box or both.
- If you want to block a file type that isn't in the list, click the add (+) button to the left of the table, then specify the file type that you want to block.
- Click the Update button, then Save.
About ESoft Web Filter Event Log
Use the following terms and definitions to understand the ESoft Web Filter Event Log:
- timestamp: The time the event took place.
- action: The action which the Untangle Server took on the web request.
- client: IP address of the client who made the request.
- request: A description of the request made (e.g. http://someurl/somepath.html).
- reason for action: The reason the action was taken.
- server: The server IP address. The server is the computer that receives the request.
Related Topics
ESoft Web Filter FAQs
Can I use both Web Filter and eSoft Web Filter?
Yes. Just as you can run two anti-virus Software Products, you can run two web filter Software Products. But, unlike with anti-virus Software Products, there isn't much benefit to running both Web Filter and eSoft Web Filter. If you have eSoft Web Filter, it is recommended to run just eSoft Web Filter.
Is eSoft Web Filter a better web filter?
The eSoft Web Filter is the same as Web Filter except it is based on eSoft's SiteFilter product/technology. eSoft Web Filter is better than Web Filter in many ways:
- More categories
- Better database
- Dynamic categorization of new sites
- Blocks https/SSL (by IP)
For more information, go to About eSoft Web Filter.
Does ESoft use a lot of memory and CPU?
If your Untangle Server is operating well without ESoft, then you won't see much of a difference if you run ESoft. ESoft doesn't use much memory, and there's very little CPU utilization.
How do real-time updates work in an Untangle Server environment?
Untangle Server keeps a local copy of the ESoft database. If you visit a website that the ESoft database doesn't know about, ESoft phones home to the ESoft service, then writes the new information to the ESoft database.
How long does ESoft cache visited sites?
Several days. ESoft flushes infrequently used cache entries. A website that you visit daily will not be cleared from the cache.
Can I import Web Filter pass lists into ESoft Web Filter?
Yes, but you can only do so from the command line. You cannot do so from the UI at this time.
Can I add to the categories?
No. ESoft has an extensive list of categories and taxonomy. If you feel there is a category that's missing, let us know.
How should I handle false positives?
You can use pass lists to treat false positives.
Do I get Untangle Reports if I use ESoft?
Yes! If you're using Web Filter, you've probably grown accustomed to reports about how well the product is blocking sites. You'll get the same reports with eSoft Web Filter.
Can I use eSoft to block SSL sites?
Yes, eSoft categorizes HTTPS traffic based on IP. This means that if you've blocked "Proxy sites" then even HTTPS proxy sites will be blocked.
I blocked a site but when I visit the site via HTTPS it isn't blocked. Why?
eSoft scans and categorizes HTTPS traffic by IP address because the session itself is encrypted and cannot be scanned. As a result, if you add "wellsfargo.com" to the block list and go to "https://wellsfargo.com", it will not be blocked because Untangle can only see the IP address, not the hostname (wellsfargo.com). However, if you block the "Finance" category and go to "https://wellsfargo.com", you will notice it does not correctly connect and you can see a block event in the event log.
eSoft was blocking an HTTPS site, but I added it to the passlist. It is still blocked. Why?
eSoft does categorization of HTTPS by IP. The hostname and request are encrypted. This means if https://example.com/ is getting blocked, adding "example.com" to the passlist will have no effect because HTTPS is categorized by IP address. If you add the IP address of example.com to the passlist then HTTPS traffic to example.com will be allowed.
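The two HTTPS answers above follow from one rule: for HTTPS only the server IP is available, so site entries in the block and pass lists never match. The sketch below is an added example, not Untangle or eSoft code. It is a simplified model of that rule, and the function names, category data, addresses and the precedence of pass lists over block rules are assumptions made for illustration.

```python
import ipaddress

# Constructed category data; hostnames and addresses are illustrative only.
HOST_CATEGORY = {"wellsfargo.com": "Finance", "example.com": "Proxy sites"}
IP_CATEGORY = {"198.51.100.7": "Finance", "203.0.113.10": "Proxy sites"}

def make_policy(blocked_sites=(), passed_sites=(), passed_ips=(), blocked_categories=()):
    """Build a hypothetical policy mirroring the Block Lists / Pass Lists tabs."""
    return {
        "blocked_sites": set(blocked_sites),
        "passed_sites": set(passed_sites),
        "passed_ips": [ipaddress.ip_network(n) for n in passed_ips],
        "blocked_categories": set(blocked_categories),
    }

def decide(scheme, host, server_ip, policy):
    """Return (action, reason) for one request under the simplified model."""
    if scheme == "https":
        # The hostname and request are encrypted: only the server IP is usable,
        # so site entries in the block and pass lists are never consulted.
        ip = ipaddress.ip_address(server_ip)
        if any(ip in net for net in policy["passed_ips"]):
            return ("pass", "pass list (IP)")
        category = IP_CATEGORY.get(server_ip)
        if category is None:
            # The page states that HTTPS traffic that cannot be resolved is blocked.
            return ("block", "unresolved HTTPS")
        if category in policy["blocked_categories"]:
            return ("block", f"category: {category} (by IP)")
        return ("pass", "no rule matched")
    # Plain HTTP: the hostname is visible, so site lists apply.
    # Assumption: pass list entries take precedence over block rules.
    if host in policy["passed_sites"]:
        return ("pass", "pass list (site)")
    if host in policy["blocked_sites"]:
        return ("block", "block list (site)")
    category = HOST_CATEGORY.get(host)
    if category in policy["blocked_categories"]:
        return ("block", f"category: {category}")
    return ("pass", "no rule matched")

if __name__ == "__main__":
    site_only = make_policy(blocked_sites=["wellsfargo.com"])
    print(decide("http", "wellsfargo.com", "198.51.100.7", site_only))
    print(decide("https", "wellsfargo.com", "198.51.100.7", site_only))
```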


