One of the most important pieces of information, when troubleshooting issues with web filtering, is the reason for the block, which is listed on the blockpage.
The reason tells you the category that the material was classified as, and the method that was used to categorize the content.
There are six methods that can be listed on the blockpage. Two of those are shown only when a certificate check is the cause of the block. Blocks caused by certificate validation errors are covered here: Invalid Certificate for a HTTPS Website
Note: Categorization of web access is always done, irrespective of block or allow policies in place.
The remaining four methods that can be seen are:
Domain/URL filtering:
The domain is listed specifically in the Smoothwall blocklist. This is the easiest method of categorizing content. The Smoothwall blocklist has a large library of domains and URLs, which is updated daily.
To resolve a block caused by a specific domain entry, you need to create an allow rule, which allows that particular domain or the category containing the domain. In case of overlap, you might need to block one category and allow another.
The “Online games” category is usually blocked, which blocks Shockwave flash games. However, this might also affect games used for educational purposes. To amend this, use the “Education and reference” category in an allow rule and give this rule a higher priority than the block of online games, by placing it higher up in the policy list than the block of “Online games”.
Content filtering:
Content filtering is when the content is used to categorize the page. Content filtering happens in real time on the Smoothwall, which means that a page that was considered harmless a minute ago, can be recategorized and blocked if the content on that page changes.
For example, the Smoothwall can recognize a discussion forum thread suddenly turning nasty and it can block access to that page as soon as the offending posts are published. This happens even before moderators, if any, have removed or sanitized the posting. Once that has happened and the offending content is removed, the Smoothwall content filter no longer blocks the page. A quick example of a content based block is to perform a Google search for “AR 15” through a Smoothwall filter that has HTTPS inspection enabled and is blocking personal weapons.
The reason given shows that the search results were blocked due to the “Personal weapons” category and the method is content filtering. The Smoothwall downloads the search results, looks at them and recognizes the content as belonging in the personal weapons category.
To resolve an unintended block based on content, either reconsider whether the category causing the block to appear should be blocked at all, or create a specific allow for the site being blocked. Often the category “Alcohol and tobacco” is being blocked as a general rule, which might affect online purchasing from sites that also sell wine and spirits, for example.
Note: It is always better to not block, than it is to allow. Sometimes that is not possible but in general, always consider if block rules should be amended before adding another allow rule. Look at it this way: If something needs to be allowed, why is it being blocked in the first place? Removing the block is preferred to adding an allow rule, because adding an allow rule means you now have two policies, a block and an allow rule, where none might be needed.
Search term filtering:
Search term filtering means that the words or phrases searched for are specifically mentioned in the Smoothwall blocklist. You can add search phrases and words to both custom categories and existing blocklist categories, for example to cover new slang terms being used, or to allow searches that would otherwise be blocked because of the results or the phrase used in the search.
When adding a word or a phrase to a custom category, be mindful of the embedded word problem. For example, blocking a word like "sex" would also match Middlesex and Sussex. To avoid this, you can place spaces in the phrase as well. While blocking "sex" would risk overblocking, a block could be put in place for " sex ", with a space before and after the word. Spaces are characters too, so this won’t match "Middlesex" but would match any sentence containing the word " sex ".
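The embedded word problem described above, as an added example that is not part of the original article. It assumes plain case-insensitive substring matching (an assumption, not Smoothwall's documented matching logic); `matches`, `audit` and `SAMPLE_QUERIES` are hypothetical names and the queries are constructed. It goes one step beyond the text by also listing the searches a space-padded phrase no longer matches under that assumption.

```python
# Added illustration: models a search-term list as plain, case-insensitive
# substring matching. This is an assumption, not Smoothwall's engine.

def matches(phrase, query):
    """True if the listed phrase occurs anywhere in the search query."""
    return phrase.lower() in query.lower()


def audit(phrase, queries):
    """Check a candidate phrase against queries labelled with the intended verdict.

    queries maps each query to True (should be blocked) or False (should be
    allowed). Returns the queries that were overblocked and those missed.
    """
    report = {"overblocked": [], "missed": []}
    for query, should_block in queries.items():
        hit = matches(phrase, query)
        if hit and not should_block:
            report["overblocked"].append(query)
        elif not hit and should_block:
            report["missed"].append(query)
    return report


# Constructed sample queries with the verdict an administrator intends.
SAMPLE_QUERIES = {
    "middlesex university courses": False,  # embedded word, must stay allowed
    "sussex train times": False,            # embedded word, must stay allowed
    "free sex videos": True,                # word surrounded by spaces
    "sex videos": True,                     # word at the start, no leading space
    "videos about sex": True,               # word at the end, no trailing space
}

if __name__ == "__main__":
    for candidate in ("sex", " sex "):
        result = audit(candidate, SAMPLE_QUERIES)
        print(repr(candidate), "overblocked:", result["overblocked"])
        print(repr(candidate), "missed:     ", result["missed"])
```

Running a candidate phrase through a labelled list like this before adding it to a custom category shows both sides of the trade-off: what it would overblock and what it would let through.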
URL patterns:
The URL Patterns method means that the Smoothwall looks at the URL of the request and has recognized content based on the content of the URL. When the Smoothwall sees “/banneradvert/” as part of a URL, it’s fairly safe to assume we are dealing with an advert. Unblocking sites based on this method is best done by allowing the domain rather than the specific URL.