Web Protection - Filtering / Categories

I would like to create new filter categories to use in Web Filter Profiles.
When creating a new "Filter Category", sub-categories have to be selected.

Are there any lists which websites will be blocked by a certain sub-category?
For example the sub-category "Media sharing" - which websites will be blocked?
How do the sub-categories relate to physical websites? Are there any official blacklists that can be looked up somewhere?

At the moment it's rather more guessing than really deciding which sub-category to take or not.
Who actually manages those categories and how recent are they? Do they get updated from time to time?

  • There are two types of categories. Websites are assigned to a category by a database. There is no master list, as it would reveal the proprietary information of the vendor that created the database, and the list would be overwhelming. The website category is what appears in the web filtering log. Website categories cannot be changed.

    UTM will use the whole URL to determine the category if it has visibility to the whole thing. This is the case for HTTPS with decrypt-and-scan and HTTP. HTTPS without decrypt-and-scan can only act on the host name, because the rest is hidden in the encrypted portion of the packet.

    To see how a specific website will be handled by a specific user configuration, use Policy HelpDesk.

    The website categories are grouped into the super-categories used in Filter Action allow-block settings. "Super-category" is my own term; UTM documentation uses "category" ambiguously for both types. Super Categories can be created and deleted at will. However, there is no mechanism to ensure that every website category is in one and only one Super Category. So you must make a spreadsheet of the "Before" settings, and ensure that you have everything covered in your "After" settings. If a website category is not in any Super Category, it will probably be allowed, but that is only a guess. If a website is in multiple website categories with different actions configured, your results are unpredictable and probably not what you want. But I have rearranged my Super Categories successfully; you just have to be careful.

    Any database will be incomplete, so you will have some websites that are uncategorized. My assumption is that this will be one of two things: (1) a small business website that is harmless but too small to be noticed, or (2) a malicious website that just changed its name to evade databases like this one. Given these risks, we have chosen to block Uncategorized websites.

    The UTM database is provided by McAfee. To get a website categorized, use https://TrustedSource.org, as this queries McAfee directly. Use "McAfee SmartFilter 4.2 (XL-1)" as the database option. After checking a site rating, you can ask for it to be re-evaluated. If you get a free account, you can submit a list of 100 sites at a time. McAfee consistently processes re-evaluation requests in 24 hours or less. Sophos says that McAfee updates propagate to them within 5 days.
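
The "Before"/"After" spreadsheet check described in the answer above can be scripted. This is an added example, not part of the original post and not Sophos tooling: it assumes you have typed your website categories and Super Category layouts into Python dictionaries by hand, and every category name and grouping below except "Media sharing" is constructed sample data.

```python
from collections import defaultdict

# Constructed sample data, not an export from a real UTM. Only "Media sharing"
# is named in the thread; the other category names are made up.
WEBSITE_CATEGORIES = ["Media sharing", "Streaming media", "Social networking",
                      "Gambling", "Uncategorized"]
BEFORE = {
    "Entertainment": {"action": "allow", "members": ["Media sharing", "Streaming media"]},
    "Community": {"action": "allow", "members": ["Social networking"]},
    "Risky": {"action": "block", "members": ["Gambling", "Uncategorized"]},
}
AFTER = {
    "Time wasters": {"action": "block", "members": ["Media sharing", "Social networking"]},
    "Allowed media": {"action": "allow", "members": ["Media sharing"]},
    "Risky": {"action": "block", "members": ["Gambling", "Uncategorized"]},
}

def placements(layout):
    """Map each website category to the (super-category, action) pairs holding it."""
    placed = defaultdict(list)
    for super_name, cfg in layout.items():
        for member in cfg["members"]:
            placed[member].append((super_name, cfg["action"]))
    return placed

def audit_layout(website_categories, layout):
    """Report the gaps and overlaps that nothing else checks for."""
    known, placed = set(website_categories), placements(layout)
    return {
        "unassigned": sorted(known - set(placed)),
        "duplicated": {c: sorted(s for s, _ in p)
                       for c, p in placed.items() if c in known and len(p) > 1},
        "conflicting": sorted(c for c, p in placed.items()
                              if len({a for _, a in p}) > 1),
        "unknown": sorted(set(placed) - known),  # typo or stale name
    }

def changed_actions(before, after):
    """Website categories whose set of configured actions differs between layouts."""
    b, a = placements(before), placements(after)
    acts = lambda p, c: sorted({x for _, x in p.get(c, [])}) or ["none"]
    return {c: (acts(b, c), acts(a, c))
            for c in sorted(set(b) | set(a)) if acts(b, c) != acts(a, c)}

if __name__ == "__main__":
    print(audit_layout(WEBSITE_CATEGORIES, AFTER))
    print(changed_actions(BEFORE, AFTER))
```

An empty `unassigned` and `conflicting` list is the target before applying a new layout; `changed_actions` then lists exactly which website categories will behave differently from today.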

  • Thank you very much for the detailed answer.

    I noticed the super-category and sub-category coexistence you explained. Instead of modifying the super-categories we just created new ones and decided which sub-category needs to be blocked.

    Good to know where the actual source of the list is coming from and that there is a chance of getting a site checked.