Description:
This document describes the configuration steps necessary to use the content filter to initially block access to the Internet completely and only to allow access to web pages that are entered in the whitelist.


Requirements:


Procedure:
1) First make sure that the content filter is activated and that the firewall rule for the content filter exists and is also activated:
2) Switch to the Profiles tab and click on Categories.
3) In the list view, click on Add to create a new category entry.
4) Give the new profile a name in the Category profile field.
5) In the Configure menu, select a subcategory and set the permissions to forbidden.
6) Repeat step 5 for all of the available subcategories.
7) Click on the OK button once you have edited all the subcategories. The new category entry appears in the categories list as follows.

8) The next step is to assign the new category to a content filter profile. Click on the Profile button and, in the list that follows, open an existing profile by clicking Edit.
9) In this example we will edit the default profile CF-BASIC PROFILE. Assign the new category profile to the content filter profile by selecting it from the drop-down menu.
10) Accept your entries with OK.
11) Now you need to fill in the whitelist with the Internet addresses (URL's) for which access is to be allowed. Click on the button Whitelist addresses (URL).
12) In this example we will edit the default list MY_WHITELIST.
13) Enter the approved Internet addresses into the text box Address (URL). The various entries have to be separated by a space.

The following wildcard characters may be used:

  • * for any combination of more than one character (e.g. *.lancom.* encompasses the websites www.lancom.de, www.lancom.eu, www.lancom.es, etc.)
  • ? for any one character (e.g. www.lancom.e? encompasses the websites www.lancom.eu, www.lancom.es)

Please enter the URL without the leading http://. Please note that in the case of many URLs a forward slash is automatically added as a suffix to the URL, e.g. www.mycompany.de/. For this reason it is advisable to enter the URL as: www.mycompany.de*.

14) Accept your entries with OK. This concludes the configuration.

No entries are required in the Blacklist addresses (URL) list because a category profile prohibiting any communication was created insteps 4 to 7. The exceptions have now been entered into the whitelist.

15) Save the configuration to the LANCOM router.