Content Filtering

Owned by Fernando Rudilla García (Unlicensed)
Last updated: Oct 14, 2021
3 min read

It is necessary to contract the Add-on Content Filtering module, in addition to Octopus Guest.

The Content Filtering section allows you to configure and control the access that clients will have when connecting to the WiFi service, denying access to certain sites that you do not want. All the options in the Content Filtering Module are detailed below.

How it works

How do you determine which URLs are benign and which are malicious, and how do you perform these checks in real time?

To block malicious sites, a multi-source approach is used that obtains a constant stream of URLs for analysis. These URLs come from websites actively visited by a global network of customers across high-traffic markets such as subscriber analytics, network security, IoT and advertising technology.

This traffic is used to train supervised machine learning systems to detect, monitor and categorize threats. Using in-house and third-party tools, link, content, static, and behavioral anomaly analysis is performed to categorize threats. When threats are detected, those threats are profiled, tested and validated. Once threats have been validated, they are blocked with false positives that are used to train the system to improve future accuracy.

Unlike many DNS-based systems, it works not only at the domain level, but at the full path level and is capable of blocking individual web pages rather than entire domains. Most malicious URLs are marked as malicious at the path level.

In addition, checks are performed on websites that have previously been flagged as malicious to determine if they still contain malware or other threats. The database is updated accordingly.

It is important to take into account that the necessary technical requirements are met to enable the functionality.

Technical requirements

The Content Filtering functionality is based on the filtering of DNS requests and is therefore compatible with any deployed WLAN solution and does not require the installation of any specific equipment. However, it is necessary to fulfill some technical requirements in order to enable this functionality, which are detailed below.

  • Configuration options:

There are two viable options to enable this functionality:

  1. Static IP Address: The best option is for the Internet access provider to provide a static public IP address.

  2. Dynamic DNS: A second option if the client has a dynamic public IP and the ISP's router supports this option is to enable Dynamic DNS or DynDNS. This will assign a specific domain to the dynamic IP provided by the provider.

If the client does not have a static IP address and the Internet access router does not support Dynamic DNS configuration, it will not be possible to enable content filtering.

  • Required data

To enable Content Filtering it will be necessary to provide the public IP of the Internet access if it has a static IP or on the contrary if it is a dynamic IP it will be necessary to provide the corresponding domain of the Dynamic DNS.

  • Security

It is advisable to block in the routers or firewalls of the network the DNS requests to DNS servers other than those delivered by DHCP. In this way we can guarantee that users cannot bypass the filtering.

Filtering categories

In the following file you can see the 53 types of content filtering available in Octopus Platform.