Policy Guidelines
July 18, 2011 • Customer Services
Synopsis
This item gives our guide lines on policy configuration.
Article
Policies are the bedrock of the CensorNet configuration. At any point in time, a user surfing the web will have access to, or be denied from, a site based on the policy that applies to them at the time they click the mouse. (The rules that determine which policy is applied are discussed in the related topic "How do I know which policy is in use?"
Policies are applied to groups of objects. Either to a group of workstations, or to a group of users. The above referenced article explains the order in which these tests are made.
There are five types of policy, defined as follows :-
Open An open policy is one that will allow a user to surf to any site. There are no blocks. In particular, you can even visit any HTTPS site or numeric URL. Both HTTPS sites and numeric URLs are blocked in filtered policies, requiring an entry in a Custom URL category.
Closed A closed policy is one that is totally closed. A user on this policy cannot surf to any site at all.
Filtered A filtered policy is one where one or more filters are applied. These filters determine the types of sites, or even specific URLs, which are permitted or blocked. A filtered policy is useful when you are setting up rules for general permisive surfing but where unwanted content, such as pornography, or annoying adverts, are barred.
Advisory An advisory policy works in much the same way as a filtered policy, with one important difference. Rather than a user receiving a Request Unblock button they instead receive an Override button. Clicking this allows the user to surf the overridden block for the duration of this session and for up to 30 minutes after they last visited it. This sort of policy is intended for Senior Staff and Administrators, not for the general user.
Restricted A restricted policy allows users only to visit the specific sites (or categorised sites of a certain type) that the administrator allows. It is the equivalent of the Walled Garden facility that was available in CensorNet v3. The difference is that different [groups of] users can have different policies, permitting different restrictive policies for the differing groups.
To create a new policy, navigate to Policies->New Policy and the following screen will present itself :-
Fill in the fields, giving the policy a name, a description, a colour code, and selecting a policy type. Here we are creating a filtered policy.
Note: The colour code contains the RGB values needed to select a colour. It is easier to click on the Pick button and select a colour from the colour chart.
Depending upon the policy type you choose, the lower half of the page may change. The following images show some of what appears if you are creating a policy of the filtered, advisory, or restricted kind.
The first thing you notice is that you get three extra fields at the top allowing you to determine what happens if rules conflict, how to handle sites classified as "Dynamic" and the period of time you will allow users to surf sites that are time limited.
The first option is required since any URL can be in more than one category. If your policy blocks one category but allows another, the CensorNet needs to know how it is to react. With the shown setting, which is the default, if any of the categories a URL falls into are blocked, then the URL in question is blocked. The other option reverses this, so that if any one category is set to allow, then the URL is permitted.
The second option tells the CensorNet what to do with sites that are classified as "Dynamic". A dynamic site is one which contains material on many subjects, some of which you may be happy for your users to see, and some of which you won't be. Sites such as Google, Yahoo and Wikipedia are classified as "dynamic". With such sites, you may want to allow access to most of the site and still block the odd page. The default option (shown) does precisely that because it forces the system to also call the real time raters. The Alternate option means that a site that is classified does not also cause the real time raters to be called. In general it is safer to have dynamic sites checked by the raters.
As mentioned above, the Time Quota field allows you to specify a length of time that certain categories of sites can be surfed. A user visiting a site falling within a quota controlled category (which has to be one set to "Allowed") can visit for the length of time you specify here. After they have reached the specified quota limit, they will not be able to surf sites in that category until the next day. The quota is reset at Midnight.
If a URL falls into multiple categories, one of which is quota controlled and one of which is not, the quota will apply.
Underneath these fields we see the various modules. The first of these is the Custom URL module.
The categories in the Custom URL module are ones that you will have added yourself using the Custom URL section of the Filters menu. You can create as many categories as you wish and then assign URLs to them. Then, in the policy you can specify which categories are Allowed or Blocked.
In the screenshot dispayed, some category names have "(Override)" or "(Blocked)" in them. This is a hang over from a migration from an old system. Your category names need not contain these words. What defines what happens to them is the radio button you select for each category.
As you can see, in a new policy, all categories are set to "Ignore" and will have no effect unless you set the appropriate action. The screen shot below shows this section after certain configurations have been made. Note the use of the quota module for some categories.
The second module in the policy is the Content Classifier module. This is the module that contains the classifications of well over 60 million sites and is updated overnight every day by your CensorNet.
As you can see from the shot, categories are broken down into sub-categories. So you can block the overriding category, or you may choose to block most sub-categories but permit one, for instance, you may choose to permit Adult Mature; Art Nudes whilst blocking the rest of Adult Mature.
The File Type filter, MIME Type filter and Active Image Control module still exist but are not shown here.
Please consult the supplied documentation for more information on policies.
Related articles
