Question about web filters



  • I just have a general question about web filters and how they work. Specifically how does a web filter view content on a private discussion forum to block it according to content?

    My scenario: I run a small (40 members) private discussion forum for bullet casting and reloading from home using a free subdomain. My employer uses Websense for its content filtering and one of the many things they filter is weapon related content.  Recently my discussion forum was blocked due to weapon content. How can a web filter "see" the content of a member only private discussion board that is not visible to guests?

    Please understand I am NOT trying to circumvent this, just curious how it works.



  • @Jailer:

    I just have a general question about web filters and how they work. Specifically how does a web filter view content on a private discussion forum to block it according to content?

    My scenario: I run a small (40 members) private discussion forum for bullet casting and reloading from home using a free subdomain. My employer uses Websense for its content filtering and one of the many things they filter is weapon related content.  Recently my discussion forum was blocked due to weapon content. How can a web filter "see" the content of a member only private discussion board that is not visible to guests?

    Please understand I am NOT trying to circumvent this, just curious how it works.

    There's a few options.

    Option 1: It uses a database for content filtering and your site is listed in that database as having weapons content.
    Option 2: You're using HTTP and they are scanning the actual content
    Option 3: You're using HTTPS and they have a trusted certificate on their client machines which lets them intercept and decrypt the traffic between the clients and them at which point they can scan the actual content
    Option 4: False Positive on any of the above



  • @Trel:

    There's a few options.

    Option 1: It uses a database for content filtering and your site is listed in that database as having weapons content.
    Option 2: You're using HTTP and they are scanning the actual content
    Option 3: You're using HTTPS and they have a trusted certificate on their client machines which lets them intercept and decrypt the traffic between the clients and them at which point they can scan the actual content
    Option 4: False Positive on any of the above

    1. But if it's private and not viewable by guests then how does that happen?
    2. HTTPS albeit self signed.
    3. Possible but again how would the web filter be able to identify content if it's private?
    4. Possible, but the block specifically listed weapons content and not dynamic DNS as the reason for the block.

    Forgot to also mention that I had been connecting via my public IP since dynamic DNS is also blocked by the web filter.



  • Are you viewing the content of your forums from work?  If they are proxying your web connection then they "see" everything you access.



  • Yes from work. That must be how it was categorized then, they track all web access.



  • @Jailer:

    Yes from work. That must be how it was categorized then, they track all web access.

    If they're doing that, and you're using HTTPS, then Option 3 from my original post is what's happening.



  • Also, nobody has time to be crawling through people's web history to that degree.  It's likely that your site's content reached a threshold that triggered the block based on heuristics.  Number of keywords like bullet, ammo, ammunition, gun, etc reached a tipping point.
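
The keyword tipping point described in the post above, sketched as an added example (not part of the original thread and not Websense's actual algorithm). The term weights, both thresholds and the two sample pages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Hypothetical category dictionary: term -> weight. Real products ship their
# own (much larger) lists; these values are assumptions for illustration.
WEAPONS_TERMS = {"bullet": 1.0, "ammo": 1.5, "ammunition": 1.5, "gun": 1.0,
                 "reloading": 2.0, "primer": 0.5, "casting": 0.5}
MIN_HITS = 5          # ignore pages with only a few incidental matches
DENSITY_LIMIT = 40.0  # weighted hits per 1000 words that triggers the block

def tokenize(html):
    """Strip tags crudely and return lowercase word tokens."""
    text = re.sub(r"<[^>]+>", " ", html)
    return re.findall(r"[a-z]+", text.lower())

def score_page(html, terms=WEAPONS_TERMS):
    """Return (hits, weighted density per 1000 words, matched term counts)."""
    words = tokenize(html)
    counts = Counter(w for w in words if w in terms)
    hits = sum(counts.values())
    weighted = sum(terms[w] * n for w, n in counts.items())
    density = 1000.0 * weighted / len(words) if words else 0.0
    return hits, density, dict(counts)

def categorize(html):
    """Return 'weapons' once both the hit count and density thresholds are met."""
    hits, density, _ = score_page(html)
    if hits >= MIN_HITS and density >= DENSITY_LIMIT:
        return "weapons"
    return "uncategorized"

# Constructed sample pages as a proxy would see them inside a logged-in
# member's session: an early, nearly empty board and the same board later.
EARLY_PAGE = ("<h1>Welcome</h1><p>New board for our club. Please introduce "
              "yourself and read the rules before posting. One member asked "
              "about bullet moulds.</p>")
LATER_PAGE = ("<h1>Latest topics</h1><ul>"
              "<li>Casting bullet alloys for reloading</li>"
              "<li>Best primer for bulk ammo</li>"
              "<li>Reloading ammunition on a budget</li>"
              "<li>Gun show report</li></ul>")

if __name__ == "__main__":
    for name, page in (("early", EARLY_PAGE), ("later", LATER_PAGE)):
        hits, density, _ = score_page(page)
        print(name, hits, round(density, 1), categorize(page))
```

The early page has a high density from a single match but stays uncategorized because of the minimum hit count; the later page crosses both thresholds, which matches a site that worked for a while and then got blocked.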



  • Well that makes more sense and would explain why it was working a while ago but when I tried today it didn't work. Thanks guys.



  • Yes from work. That must be how it was categorized then, they track all web access.

    And they can't create a rule for your PC at work? Then you will be able to do what you want.
    If they are working with a proxy server they could allow your static IP address then connecting this
    or if there is an option to do a user auth. at the proxy they could set it free for you or plain
    customizing your account. Without any help from the admins you won't be able to do so, I think.

    Or you will be able to connect to your home firewall through a VPN tunnel and then you use the
    Internet connection from your home.



  • @BlueKobold:

    Or you will be able to connect to your home firewall through a VPN tunnel and then you use the
    Internet connection from your home.

    I could do this but it's not worth it.

    Browsing occasionally is one thing, circumventing security measures is quite another and would likely get me fired. No way in hell I'm going to risk my job for some occasional browsing.



  • @Jailer:

    @BlueKobold:

    Or you will be able to connect to your home firewall through a VPN tunnel and then you use the
    Internet connection from your home.

    I could do this but it's not worth it.

    Browsing occasionally is one thing, circumventing security measures is quite another and would likely get me fired. No way in hell I'm going to risk my job for some occasional browsing.

    I don't want you to lose your job; it was more in the sense of getting in contact with the admins in your company
    to ask for it.