Web Filtering
Administrators can limit access to websites by defining Web Filter Policies.
Once a policy is created it can be assigned to any number of groups via Group Setting or directly to Workspaces . Policies set on the Workspaces take priority over those assigned to Groups.
Configuration
Use of the Categorization requires a license. Kasm Workspaces must also have live internet access to communicate with the categorization service. Please contact your Kasm Technologies representative for details.
| Property | Description |
|---|---|
| Name | A name for the policy |
| Description | A description for the policy |
| Deny By Default | If checked, all requests will be denied unless the domain is added to the Domain Whitelist, or the category of the domain is set to allow. If unchecked, all requests will be allowed unless the domain is added to the Domain Blacklist, or the category of the domain is set to deny. |
| Domain Blacklist | A list of domains to reject. Enter one domain per line. Sub-domains are automatically matched unless explicitly defined elsewhere. |
| Domain Whitelist | A list of domains to allow. Enter one domain per line. In the event of a conflict, the blacklist takes priority. Sub-domains are automatically matched unless explicitly defined elsewehere. |
| Enable Safe Search | When enabled, Safe Search for popular search engines will enforced using the Safe Search Patterns. Google, Bing, Yandex, DuckDuckGo, and Yahoo are supported by default. |
| Enable Categorization | If checked, requested domains will be checked against Kasm's url categorization service. Each category can be set to Allow, Deny, or Inherit. Inherited categories will utilize the Deny By Default setting. Domains specified in the Domain Whitelist or Domain Blacklist take priority over categorization. |
| URL Categories | Administrators can choose to Allow, Deny or Inherit the default rule for each category. If Inherit is selected, the category will be allowed/denied based on the Deny By Default setting |
| Disable Logging | When enabled, no access related logs will be produced. |
| Safe Search Patterns | A data structure containing the URL rewrite rules used to apply Safe Search. |
| SSL Bypass Domains | Web Filtering uses SSL inspection technology to enforce policy. In some cases, this technology will not be compatible with a website. Administrators can enter a list of domains that will bypass this inspection to restore functionality. Enter one domain per line. To match all subdomains domains, prefix a period before the domain .google.com |
| SSL Bypass IPs | Web Filtering uses SSL inspection technology to enforce policy. In some cases, this technology will not be compatible with a website. Administrators can enter a list of IPs that will bypass this inspection to restore functionality. Enter an IP or CIDR notation one per line. |
URL Categorization Caching
When URL categorization is enabled, categorization data is queried via the Web Filter Update URL categorization service defined in the global settings. For performance reason, these results are cached in the local Kasm deployment for a configurable period of time. The two settings that govern the expiration of these records are:
-
Web Filter Default Category Expiration (Hours)
- URL categorization results will be cached for the specified time, defined in hours. This setting applies to domains that have a category other than Uncategorized.
-
Web Filter Uncategorized Expiration (Hours)
- URL categorization results will be cached for the specified time, defined in hours. This setting only applies to domains that are currently categorized as Uncategorized.
Any session that is launched after the expiration time, will have fresh categorization results fetched from the Web Filter Update URL.