Introducing Web Content Filtering

As for Firmware 6.3, Peplink devices can block specific site categories as defined by publicly available blocking lists in addition to blocking specific web domains.

Note: The available categories have changed a few time since being introduced. The screenshots in this article are taken from routers using firmware 8.0

Supported Devices

Two versions are available: lite and full. The full version supports a larger blacklist with more specific categories.

LITE

Balance: One, 210, 310, 30 LTE
MAX: BR1*, BR1 Mini, BR1 Slim, BR1 Pro*,BR1 ENT, Hotspot, BR1/2 IP55*, BR2*, Transit, OTG* (HW2 or above), 700 HD2, HD2 Mini, HD2 IP67, HD4 , MBX, SDX
MediaFast: 200, HD2, HD4
Surf: SOHO*, SOHO MK3

FULL
Balance: 305, 380, 580, 710, 1350, 2500, EPX
MediaFast: 500, 750

Setting Categories

To begin, navigate to Network > Firewall > Content Blocking (For MAX Devices: **Advanced > Content Blocking**).

lite Version

Full Version

For either version, select the categories you wish to block by ticking the checkmarks. Alternately, you can also use our presets by clicking the High, Moderate, and Low radio buttons.


Once the presets are selected, you will be able to add or remove categories as needed. Please note that the presets may change when the Firmware upgrades, potentially changing your category selection.

Setting Customized Domains

In addition to categories, you can also define specify domains to block or allow.

If “foobar.com” is entered, any web site with a host name ending in foobar.com will be blocked, e.g. www.foobar.com, foobar.com, etc. However, “myfoobar.com” will not be blocked.
You may enter the wild card “.” at the end of a domain name to block any web site with a host name having the domain name in the middle. If you enter “foobar.”, then “www.foobar.com”, “www.foobar.co.jp”, or “foobar.co.uk” will be blocked. Placing the wild card in any other position is not supported.
The device will inspect and look for blocked domain names on all HTTP traffic. Secure web (HTTPS) traffic is not supported.

Setting Exempted User Groups and Subnets

You can also set up specific user groups or subnets to exempt from web blocking and application blocking. Simply click the checkbox for the groups you wish to exempt, and add your network and subnet masks. Please note that these exemptions affect both web and application blocking.

Frequently Asked Questions

How does the Web Blocking list work? Your router has an integrated list of website categories (e.g. adverts, file sharing). When the router detects traffic from a source URL that matches the website list, that traffic can then be blocked if needed.

Will the Web Blocking list work without an IC2 subscription?
Yes, the Web Blocking list will continue to function without an IC2 subscription.

Will the Web Blocking list work for out-of-warranty devices?
Yes, the Web Blocking list will continue to function for out-of-warranty devices.

How is the Web Blocking List updated?
The Web Blocking List can be updated manually via the Status page or the Web Blocking List can be automatically updated whenever a new version is detected when “auto update” is selected.
image

3 Likes

Hi Peplink team

my name is Victor, what is the option for add to my balance 310 the section web blocking?

the last time i can did it but now this option is not avalible in my balance menu.

I have a Surf SoHo and just updated my firmware to 6.3.3. I do not see the web blocking preset categories. Can you please advise me regarding why?

Thanks

Please confirm your Surf SOHO’s Hardware Revision number.

This feature is supported on Surf SOHO Hardware Revision 2 and SOHO MK3. You may find the info in the release note below.

2 Likes

Thanks. I didn’t see that originally. I guess I don’t have it on mine. It’s Hardware Revision 1. Although I’d like to have that option, I’m not going to purchase another unit just for that.

Thanks for pointing it out.

Got burned today, (r20170307) with only Adware selected blocks Gotomeeting.

@Todd_Troutman

Do you have the details URLs for gomeeting that had been blocked ? We can actually recheck the URLs list.

2 Likes

Unfortunately no, the users are remote from me and were down to the wire to start a webinar so I had to just disable.

If this is the case, I would suggest exempting the User Groups or Subnets instead of disable the Content Blocking.

Hope this help.

2 Likes

Thank you TK that does help. One other question, does URL logging mark Content Blocked URL’s so that I can observe incidents of attempted access to Blocked URL’s?

Yes. You will see something like Domain <www.abc.com> has been blocked by content filtering category .

2 Likes

Updating the Content Filtering Database Blacklist?
The Status tab of my Surf Soho MK3 (7.0.2) shows a Content Filtering Database of (r20170307). Is the latest database 3 March 2017?
(I clicked on the Download (r20170307) hyperlink and the file blk_list_ssohomk3_2933D71744EC was downloaded to my computer, so there doesn’t appear to be a method for manual update.)

Hello. There are several sites blocked in the Lite version that make no sense at all being blocked. For example, youtube_com and netflix_com under “audio-video”, and hulu_com under webtv. That is enough to need to disable both categories for a home setting because I need access to them! (Manually adding each doesn’t work because they also use other sub-domains which are also blocked, so the videos still don’t play. For example, images_netflix_com is blocked under “ads”).

Other benign sites are rendered useless with certificate errors if any content blocking category is enabled at all, suck as lifehacker_com and people_com. Only disabling all categories allows them to work.

I think Content Blocking is going in the right direction, but the lack of granularity in the “lite” version and lack of more frequent database updates make this feature extremely limiting at the moment… at least for home-office users like myself.

Gabriel Mongefranco

I am using balance 310 and I need to block proxy/anonymizer sites and since it is using lite version, the proxy/anonymizer is not included on the options. Proxy sites are too many to add manually. Is there any other way to address this?

1 Like

To Peplink Support: How often do you plan to roll out updates to the content filtering database? The last update is quite old.

If this is too much to manage internally, how about letting end-users import our own CSV lists? That way we could import lists, for instance, from AdBlock Plus.

2 Likes

Better yet - Can we just get the ability to add our own data sources for content blocking?

I’ve been using PiHole and PfBlockerNG at home and found very nice curated lists like https://www.squidblacklist.org It just seems logical to me that that a single purpose professional service with a 100% stake in generating this type of data source as their product is going to be very intent on creating a premium business friendly product.

In addition to that, manipulating these blocklists in shell scripts is tremendously easy to do. I can’t see any business getting much benefit from the black box blocklists presented in Peplink. Open it up to custom data sources though and this becomes a very useful feature.

Going a little further - some reporting built into the UI on at least top domains that were blocked by the ruleset would also be huge. Not just for curiosity sake, if a list intended to block malicious domains suddenly has an unusual amount of blocking activity reported this is
yet another area to add easy visibility into harmful behavior on the network. And one thing that Peplink has done for me is make harmful traffic surprisingly visible through simply offering an easy high level view. This kind of reporting on custom blocklist activity would enhance that aspect of the product.

Not harshing on Peplink at all here, love the gear, and I appreciate the blocklist feature as a first attempt, but it looks to me like there is low hanging fruit here to expose this feature in a way that really enhances the product.

5 Likes

Blocking based on what? Who’s definition of “tobacco” for example?
Is there an appeal process? What does the user see, and if they feel there’s a mistake, what do they do?

2 Likes

It’s local, if there’s a problem you just whitelist it to override the blocklist. The user can see
whatever you want them to see by resolving to something local, if you want the effects visible that could be a bright red square.

is there a bulk way to do this with IC2 ?

2 Likes

Exatly this question I received today from one of our costumers.

They also need a possibility to create the content-Filter roules in a central side and bring it to all of the Peplink-Routers.
@TK_Liew do you have some informations if this can be implemented in IC2?

Thanks
Dennis

3 Likes