Skip to main content

Web Page Classification

Web page classification analyzes the domain, URL, and most importantly, the words and phrases on every page load to tally a numerical score in one or more Categories for that page load.

The filter Action configuration (Allow/Block/Ignore) for the top-scoring Category is then used to handle that particular page request.

Traffic Visibility Prerequisites

On-webpage page word and phrase analysis is only possible with full SSL/TLS decryption, which is the default action for all web requests on TCP ports 80 (HTTP) and 443 (HTTPS)1.

And, for this to work, all endpoint devices connecting through the DrawBridge must have the DrawBridge Certificate Authority certificate installed. See the page SSL Certs under the Devices module for more information.

1Note: for security reasons, banking and financial-related websites are not TLS-decrypted. It is assumed that these sites are safe from inappropriate content. You can verify a site is Not being TLS-decrypted by clicking the shield or padlock in your browser address bar and viewing the certificate. If the certicate is issued by a public Certificate Authority (and not your DrawBridge), you can know that the DrawBridge is Not intercepting the connection.

Also Note: Certain web traffic (for example some cloud backup services and application traffic) that is not specification-compliant or is otherwise incompatible with content filtering are exempted at a firewall level from the traffic inspection on TCP ports 80 and 443.

Example

Visiting https://www.cabelas.com is most likely to score the most points in the Category Hunting and Fishing.

  • If the Action assigned to Hunting and Fishing is Allow, the Cabelas page will load as if nothing happened.

  • If the Action assigned to Hunting and Fishing is Block, a DrawBridge block page is loaded to inform the user that the request was blocked due to filter settings.

  • If the Action assigned to Hunting and Fishing is Ignore, the next-to-top scoring Category action is selected to handle the page load.

    Note: use of the Action Ignore is strongly discouraged except for special situations. If you decide to specify custom Actions for Categories, please only use Allow or Block to ensure predicatable filter behavior.

Important Notes

1. About changing default Category Allow/Block settings

The DrawBridge comes with a preset Action for each included (Built-in) Category. When you assign an Action (Allow/Block) to a Category, you're simply applying a change that gets higher priority than the default setting.

2. Default Category settings are Business-focused

The default settings for the Built-in Categories are tightly scoped to business-usage needs. Depending on your usage expectations, you will want to set more categories to Allow in your Company Preferences Access Policy, or in a custom Access Policy.

Further Reading

For more information on Categories and Actions, including how to change the Action for a Category, see Network Access / Overview and Essentials.

For more information on Certificates and Certificate Authorities, this Wikipedia article on Public Key Infrastructure may be helpful.

Back to top