What is Content filering in the WEB?

The content filtering is often intended for things like educational institutions who are monitoring web activity and want alerts when there are potential problems such as bullying.

You can set up a content filter for words and phrases like "kill you" and "you should kill yourself" and "suicide", and then create a web policy rule near the top for all web traffic with those phrases should be logged.  Then every day an administrator can look in the log, where those phrases plus some context around them will be presented.

When you create a policy rule that includes content filtering the only options are to log or block when the content is seen.  There is no ability to set different actions on HTTP or HTTPS.  Typically you would want the rules to be on the category 'AllWebTraffic' but you could make them only for Blogs and Forums or some other category.

For example if you wanted to monitor anyone doing online searches for bombs you could have a content control filter for those type of keywords, category of Search Engines, log.  It might get a lot of additional things than just their search terms, but it is something.

Hi,

Thanks for this great information. It is very useful for me. Today I had a discussion with Sophos Tech team and he shared the same level of things but he told me that we are working on taking action of HTTPS. Currently, Sophos can support action on only HTTP traffic. We will come with HTTPS action. Is it right?

Hi,

Thanks for this great information. It is very useful for me. Today I had a discussion with Sophos Tech team and he shared the same level of things but he told me that we are working on taking action of HTTPS. Currently, Sophos can support action on only HTTP traffic. We will come with HTTPS action. Is it right?

No that is not correct.

Almost all customers want to perform the same action on HTTP and HTTPS.  Sophos' other products only allow you to select one action, and it is applied to all traffic regardless of whether it is HTTP or HTTPS.

The old Cyberoam product had the ability to select different actions on HTTP and HTTPS.  In order to facilitate upgrading from Cyberoam to XG, the XG was built with the same functionality.  However 99.9% of the time customers will always want them to be the same.  In v16 and later we designed the UI to de-emphasize the difference.  So you set an "Action".  Only if you hover do you see that "Action" applies to HTTP and that there is a second field for HTTPS.  That second field is defaulted to "Use Action" meaning that the HTTPS Action will do whatever the HTTP Action does.

With the Content Control, we wanted to further remove the idea that HTTP and HTTPS are different.  Therefore you set "Action".  Hover continues to show that it HTTP, however now when you hover over the HTTPS it is "Use Action" (like the normal default) but that it cannot be changed.  That does not mean that HTTPS is not supported, that means that HTTPS cannot be configured differently from HTTP.

That being said, the XG can only apply policy on traffic that is can see.  If you are not using HTTPS Decrypt and Scan in the firewall rule, then the XG cannot see inside the encrypted traffic.  Virus scanning, filetype blocks, and content scanning in HTTPS require HTTPS Decrypt and Scan.