Configuring traffic filtering criteria

To configure traffic filtering criteria:

  1. In the application web interface window, select one of the following sections:
    • for global rules, the Rules section;
    • for workspace rules, the Workspaces section.
  2. If you added a workspace, select one of the following tabs:
    • Before workspace rules.
    • After workspace rules.
  3. Select the group of traffic processing rules.

    The traffic processing rules table opens.

  4. Select the rule for which you want to configure filtering criteria.

    This opens a window containing information about the rule.

  5. Click Edit.
  6. Click kwts_button_plus under Traffic filter.
  7. A drop-down list appears, select one of the following options:
    • Category.

      You can use this criterion to control user access to Internet resources based on their categories. For example, you can prohibit access to social networks by selecting the Social networks category.

    • URL.

      In addition to the URL, you can add the protocol or port of network connections to filtering criteria.

      • To add an URL to filtering criteria, enter it the box in the URL window.
      • To add a protocol or port of network connections to filtering criteria, enter any value in the box in the URL window and click Add. In Protocol and Port boxes that appear below, enter the required values.

        For example, you can prohibit access ot all Internet resources over the HTTP protocol.

    • File name.

      You can add a specific file name to filtering criteria or use regular expressions. For example, you can prohibit downloading executable files with the exe extension by entering *.exe.

    • File type.

      Viruses or other malware can be spread in executable files renamed to have a different extension, for example, txt. If you selected the File name criterion and entered *.exe, such a file is not processed by the application. However, if you selected file filtering by format, the application checks the true format of the file regardless of the extension. If the check reveals that the file has the EXE format, the application processes it in accordance with the rule.

    • File size, KB.

      You can use this criterion to control the network traffic volume of your organization. For example, you can prohibit downloading files over 700 MB in size.

    • MIME Type.

      You can use this criterion to control access to objects depending on their content. For example, you can prohibit playing video streams by entering video/*. For examples of MIME types of objects, see Appendix.

      If you specify multipart/*, the Content-Type header of the object is ignored. The multipart MIME types of objects are processed by parts according to the Content-Type header of each part of the object. If any part of the object is prohibited at the conclusion of the scan, the Deny action is applied to the whole object.

    • MD5.

      You can prohibit access to an object by entering its MD5 hash. This can be necessary if you receive information about a virus or other malware from a third-party system and you know only its MD5 hash.

    • SHA2.

      You can prohibit access to an object by entering its SHA2 hash. This can be necessary if you receive information about a virus or other malware from a third-party system and you know only its SHA2 hash.

    • Traffic direction.

      You can use this criterion to configure processing of all inbound or outbound connections.

  8. In the field to the right of the drop-down list, enter the value for the selected setting.
  9. If you added more than one criterion, select a logical operator in the drop-down list next to Traffic filter:
    • If you want the rule to trigger when at least one of the conditions is satisfied, select any of.
    • If you want the rule to trigger only when all added conditions are satisfied simultaneously, select all of.
  10. Click Save.

Traffic filtering criteria are configured.

Page top