How to use WCF Filter with DNS Filter to Block a HTTPS website?


This document introduces how to block an HTTPS website with Web Content Filter (WCF) and DNS Filter. WCF allows us to block or pass a website according to its category. But when it comes to HTTPS websites, WCF might not be able to tell the category because the packets are encrypted. Therefore, we also use DNS Filter to monitor the DNS queries and help WCF categorize the websites.

In this note, we take blocking social network websites as an example.

  1. Go to CSM >> Web Content Filter Profile, and check if the router has a WCF license activated.


See “How to Register My Vigor Router and Activate a Free WCF Trial License?” to activate a free trial license.

  2. Create a new profile at CSM >> Web Content Filter Profile

    1. Click on a Profile number to create/edit a profile.

    2. Select the Categories you would like to block.


  3. Go to CSM >> DNS Filter Profile, and apply the WCF profile to a DNS Filter.

    1. Click on an Index number to create/edit a profile.


  4. Go to Firewall >> Filter Setup >> Set 2, and apply the WCF and DNS Filter to a Firewall Filter.

    1. Click on a Filter Rule Index number

    2. Edit the Source IP to which this Firewall Rule applies.

    3. Select Filter Action as Pass Immediately


  5. After the above configuration, when LAN clients try to access a social network website, e.g., www.linkedin.com, the browser will show a blocking message saying that the page is blocked by Web Content Filter.


Access to an HTTPS website is also blocked, and we can see that it has been blocked by DNS Filter.


You may edit the “Administration Message” at CSM >> DNS Filter Profile; however, it might not be shown due to the browser's security restrictions.

Troubleshooting

If the WCF and DNS Filter do not block the websites you would like to block, please do the following.

  1. Check if there is a URL Content Filter that passes the website. Remember that URL Filter has higher priority than WCF: if the URL Filter has passed the packets, the WCF will not be applied.

  2. Make sure that you have selected the right category for the websites you would like to block. If you are using a Commtouch WCF license, you may check the URL category at http://www.cyren.com/url-category-check

  3. Check the DNS Server of your computer. Run “cmd” on your computer and enter the command “nslookup server”.


Local DNS Filter is required for LAN clients that use the router as their DNS server. So if you would like to use the router as your DNS server, please apply the created WCF to Local DNS Filter instead of a DNS Filter profile.

After you have created a WCF profile, please go to CSM >> DNS Filter Profile and set up DNS Filter Local Setting.

    1. Enable Local DNS Filter

    2. Select WCF as the WCF profile we created.

    3. Click OK to apply.


Note that the setting here will be applied to all the LAN clients that use this Vigor Router as their DNS Server. If a LAN client would like to pass the filter, it has to use another DNS server.
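The DNS server check from the troubleshooting steps can be scripted. The following is an added example, not part of the original note or any DrayTek tool: it reads the "Server / Address" header that nslookup prints and reports which of the two settings described above covers the client. The router LAN IP 192.168.1.1, the sample outputs and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample outputs (all addresses are made up for the example).
SAMPLE_ROUTER_DNS = (
    "Server:  UnKnown\r\n"
    "Address:  192.168.1.1\r\n"
    "\r\n"
    "Non-authoritative answer:\r\n"
    "Name:    www.linkedin.com\r\n"
    "Address:  203.0.113.10\r\n"
)
SAMPLE_OTHER_DNS = (
    "Server:\t\tresolver.example.net\n"
    "Address:\t198.51.100.53#53\n"
    "\n"
    "Non-authoritative answer:\n"
    "Name:\twww.linkedin.com\n"
    "Address: 203.0.113.10\n"
)

def resolver_address(nslookup_output):
    """Return the DNS server address from the header nslookup prints first."""
    text = nslookup_output.replace("\r\n", "\n")
    # The header is everything before the first blank line; the answer
    # section below it also has 'Address:' lines that must be ignored.
    header = text.split("\n\n", 1)[0]
    match = re.search(r"^Address(?:es)?:\s*(\S+)", header, re.MULTILINE)
    if not match:
        raise ValueError("no 'Address:' line in the nslookup header")
    # Unix nslookup appends '#53' (the port) to the server address.
    return ipaddress.ip_address(match.group(1).split("#")[0])

def which_filter(nslookup_output, router_lan_ip):
    """Name the setting that has to carry the WCF profile for this client."""
    if resolver_address(nslookup_output) == ipaddress.ip_address(router_lan_ip):
        # Client asks the router itself: Local DNS Filter is required.
        return "local-dns-filter"
    # Client asks another server: the DNS Filter profile in the firewall rule.
    return "dns-filter-profile"

if __name__ == "__main__":
    ROUTER_LAN_IP = "192.168.1.1"  # assumption: replace with your router's LAN IP
    for name, sample in (("client A", SAMPLE_ROUTER_DNS),
                         ("client B", SAMPLE_OTHER_DNS)):
        print(name, resolver_address(sample), which_filter(sample, ROUTER_LAN_IP))
```

To check a real client, save the output of the nslookup command to a file and pass its contents to which_filter together with the router's LAN IP.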
