This chapter describes how to configure and activate the NetMan Internet filter. The NetMan Internet filter is a component that can filter Internet access to NetMan clients in multiple ways. You can filter Internet access globally. You can also configure separate settings for individual NetMan Program and URL script types. You can use a Filter Configuration action to define a temporary exception to the global defaults in advanced scripts and in NetMan (startup/shutdown) scripts. The Internet filter can screen both URLs called and application processes that access the Internet.
When an Internet address is called, NetMan Internet filter screens for the following protocols:
•HTTP
•HTTPS
•FTP
All URLs or addresses are blocked by default. Clients can access only addresses or domains that you explicitly permit. FTP and HTTPS calls are filtered only at the host-name level. With HTTP, on the other hand, you can filter addresses:
•by explicit URL
•on the URL level
•on the host-name level
•on the domain level
Addresses are stored in lists (“blacklist” and “whitelist”) in the filter file. These contain the permitted and excluded Internet addresses. Permitted addresses are accessible to the user. Excluded addresses are not accessible to the user.
In addition to filtering Internet addresses, the Internet filter can also be configured to filter processes. When you activate a process-based filter, NetMan Desktop Manager blocks Internet access for all applications. To allow exceptions, you can create a process-based filter definition. For example, this is applied to permit the processes of a particular application. The Editor for Internet Filter Files records every Internet access attempt by that program's processes and lets you choose from the resulting list to define exceptions to your access rules. The recording can also include child processes of the specified process. If you do not know exactly which applications run processes that access the Internet, you can record all processes in the system.
When a program loads the NetMan Internet filter, all URLs are automatically checked against the filtering rules. If a blocked Internet addresses is selected, access is denied. A browser page is opened with a message to the user that access has been denied. The processes are monitored in the background; the user cannot see that the processes are blocked from accessing the Internet. Some programs, however, do not run correctly if their processes cannot access the Internet, in which case the program shows an error message. If the global filter is active, all Internet addresses are checked against the filtering rules regardless of which program called the address. In general, the Internet filter checks for filter rules in the following sequence:
•Script
•NetMan Environment
•Global level
The NetMan Client must be running to enable the filtering mechanism!
With the NetMan Internet filter, your users' ability to access the Internet can be severely restricted. Internet filter definitions are usually created either in directly in the NetMan Center or "ad hoc" while working in the Script Editor. After the filter definition has been created, it has to be allocated to the Internet filter. The following chapters provide details on the NetMan Internet filter:
•For details on creating URL-based and process-based Internet filters, see "Create an Internet Filter Definition“.
•The use of the Editor for Internet Filter Files and its features is described in "Editor for Internet Filter Files“.
•For details on opening your existing filters and modifying them, see “Edit an Internet Filter Definition“.
•For details on allocating Internet filters, see "Allocate an Internet Filter“.
SafeSearch filter
The Internet filter supports SafeSearch. The SafeSearch mechanism hides results with offensive (e.g. pornographic) content when searching in search engines. The SafeSearch feature is activated in the NetMan Settings. In the NetMan section, on the Filter Configuration page, tick the option Use SafeSearch filter. With the Internet filter activated, potentially offensive results are now hidden from every search in a search engine. Note that SafeSearch is a US product and that the filter filters according to US standards.