Web content filter of webfilter
You can control access to web content by blocking web pages containing specific words or patterns. This helps to prevent access to pages with questionable material. You can specify words, phrases, patterns, wildcards and Perl regular expressions to match content on web pages. You can use multiple web content filter lists and select the best web content filter list for each web filter profile.
Pattern type
When you have created the web filter content list, you need to add web content patterns to it. There are two types of patterns: wildcard and regular expression.
Wildcard
Use the wildcard setting to block or exempt one word or text strings of up to 80 characters. You can also use wildcard symbols such as ? or * to represent one or more characters. For example, a wildcard expression forti*.com matches fortinet.com and forticare.com. The * represents any character appearing any number of times.
Regular expression
Use the regular expression setting to block or exempt patterns of Perl expressions which use some of the same symbols as wildcard expressions but for different purposes. In regular expressions, * represents the character before the symbol. For example, forti*.com matches fortiii.com but not fortinet.com or fortiice.com. In this case, the symbol * represents i appearing any number of times.
The maximum number of web content patterns in a list is 5000.
Content evaluation
The web content filter feature scans the content of every web page that is accepted by a security policy. The system administrator can specify banned words and phrases and attach a numerical value, or score, to the importance of those words and phrases. When the web content filter scan detects banned content, it adds the scores of banned words and phrases found on that page. If the sum is higher than a threshold set in the web filter profile, FortiGate blocks the page.
The default score for web content filter is 10 and the default threshold is 10. This means that by default, a web page is blocked by a single match.
Banned words or phrases are evaluated according to the following rules:
- The score for each word or phrase is counted only once, even if that word or phrase appears many times in the web page.
- The score for any word in a phrase without quotation marks is counted. l The score for a phrase in quotation marks is counted only if it appears exactly as written.
Sample of applying banned pattern rules
The following table is an example of how rules are applied to the contents of a web page. For example, a web page contains only this sentence:
The score for each word or phrase is counted only once, even if that word or phrase appears many times in the web page.
Banned
pattern |
Assigned score | Score added to the sum for the entire page | Threshold score | Comment |
word | 20 | 20 | 20 | Appears twice but only counted once. Web page is blocked. |
word phrase | 20 | 40 | 20 | Each word appears twice but only counted once giving a total score of 40. Web page is blocked. |
word sentence | 20 | 20 | 20 | “word” appears twice, “sentence” does not appear, but since any word in a phrase without quotation marks is counted, the score for this pattern is 20. Web page is blocked. |
“word sentence” | 20 | 0 | 20 | This phrase does not appear exactly as written. Web page is allowed. |
“word or phrase” | 20 | 20 | 20 | This phrase appears twice but is counted only once. Web page is blocked. |
Sample configuration
To configure web content filter in the GUI:
- Go to Security Profiles > Web Filter and go to the Static URL Filter
- Enable Content Filter to display its options.
- Select Create New to display the content filter options.
- For Pattern Type, select RegularExpression and enter fortinet in the Pattern
- Leave Language as Western. l Set Action to Block.
- Set Status to Enable.
- Select OK to see the updated Static URL Filter
- Validate the configuration by visiting a website with the word fortinet, for example, www.fortinet.com. The website is blocked and a replacement page displays.
To configure web content filter in the CLI:
- Create a content table:
config webfilter content
edit 1 <– the id of this content
set name “webfilter”
config entries
edit “fortinet” <– the banned word set pattern-type regexp <– the type is regular expression set status enable set lang western
set score 10 <– the score for this word is 10 set action block
next
end
next end
- Attach the content table to the webfilter profile:
config webfilter profile
edit “webfilter”
config web
set bword-threshold 10 <– the threshold is 10
set bword-table 1 <– the id of content table we created in the previous step
end
config ftgd-wf
unset options
end
next end