Summary #
SecureSchool always follows the same sequence when determining whether or not to allow a website through the proxy.
More Information #
SecureSchool uses the following steps when determining whether or not to allow a website through the proxy.
Step 1. Filter Sets: SecureSchool must first determine which Filter Set rules need to be followed. This depends on your selected Authentication Method.
The type of authentication methods that SecureSchool supports are as follows.
None – All of your users are filtered the exact same way. SecureSchool does not need to choose which Filter Set to use.
SSB Authentication – A user must enter a username and password every time they browse the Internet. This username and password is stored in SecureSchool’s database. Each username is assigned to a User Group. Each User Group is assigned to a Filter Set. Filter sets can also be selected by the user’s IP address. An IP address or range of addresses can be added to SecureSchool’s database and matched with a Filter set.
NT/2000 – Your users must enter a username and a password every time they browse the Internet. This username and password is stored in your Windows Active Directory. Note that this method is obsolete.
NTLM – Your users must log on to their workstations with their Active Directory domain account. The user’s domain username are then automatically sent to SecureSchool along with the web request. SecureSchool will then request the user’s group information that is stored in your Windows Active Directory.
Note that for both NT/2000 and NTLM, each username must be assigned to a global security group in your Active Directory. That same group name must exist and match exactly (it is case sensitive, with only letters, numbers and underscores used) one of the Filter Sets in SecureSchool. When the user makes a request, SecureSchool takes the supplied username and asks your Domain Controller for a list of all groups that the username has membership. SecureSchool attempts to match these group names against the Filter Set names. If there is an exact match, the username is filtered according to the matching Filter Set. If there is no match, the username is denied Internet access.
Step 2. Website Filtering: SecureSchool uses the Filter set to evaluate sites that are maintained in its database in the following order.
Unfiltered (Whitelisted) – The website will not be blocked or content filtered. If the filter “Block all websites except sites which you have set to be unfiltered in Website Blocking” has been set, then only websites with the Unfiltered Access Control option selected will be able to be viewed.
Blocked (Blacklisted) – The website will not be allowed.
Content Filtered – The website will be allowed, provided its content meets the criteria set in the Filter set’s content filtering settings.
Step 3. Content Filtering: There are 5 components to the Content Filter.
Weighted Words and Phrases – All of the words on the web page are scanned. SecureSchool looks for any matches between the web page and the Weighted Words and Phrases lists. If there are any matches, SecureSchool adds the score associated with the match to the page’s total Weight. When SecureSchool finishes calculating the entire Weight of the page, it compares that value to the Weight Threshold you have configured. If the Weight is below the Weight Threshold, the web page may be sent to the user if it is not blocked by other Content Filtering options.
PICS Filtering – PICS filtering is based on a system established by the Internet Content Rating Association. It is a system that relies on voluntary self-rating of web pages. If the web page is rated according to the PICS filtering guidelines, SecureSchool will compare the rating to the one you selected. If the web page’s PICS rating is above the age you have selected, then SecureSchool will send the Access Denied page to the user. If the web page does not use PICS rating or if you have selected “Don’t use PICS filtering” then the web page may be sent to the user if it is not blocked by any other Content Filtering options.
File Extension Blocking – SecureSchool can look at the file extension on a file that a user attempts to download. If the File Extension is blocked, SecureSchool will send the Access Denied web page to the user.
URL Filtering – SecureSchool examines the URL itself that is requested by the user. The URL is scanned to see if there are any matches in the URL Filtering lists. If a component of the URL matches a word on the URL Filtering Lists, then SecureSchool will send the Access Denied page to the user.
MIME Filtering – MIME Filtering helps to ensure that you are able to block certain types of web requests even though they may be named differently. SecureSchool determines the MIME type for that URL. If you have set the MIME type to be blocked, SecureSchool will send the Access Denied web page to the user.
