Appcontrol

From Wiki of WFilter NG Firewall
(Difference between revisions)
Jump to: navigation, search
(Created page with "{{DISPLAYTITLE:App Control}} == Dynamic Filter == <p>'''Policy''':可以根据“影响工作”,“占用带宽”和“风险”三个标准去自动禁止符合标准...")
 
(External Links)
 
(7 intermediate revisions by one user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:App Control}}
+
{{DISPLAYTITLE: Application Control}}
== Dynamic Filter ==
+
<p>'''Policy''':可以根据“影响工作”,“占用带宽”和“风险”三个标准去自动禁止符合标准的应用,每一个标准都有由低到高五个等级,可以根据需要去自行设置相应标准的等级,设置完成后,符合自动禁止条件的应用将被系统自动禁止。</p>
+
[[File:appcontrol_set_en.jpg]]
+
  
== 应用列表 ==
+
== Application Control ==
<p>'''应用列表''':该列表列出了我们支持的所有的应用协议,可以根据搜索条件进行查找,也可以对“应用名称”,“分类”,“影响工作”,“占用带宽”和“风险”这几列进行排序。</p>
+
 
<p>状态一列中,设置为“自动”,则匹配自动禁止的规则,设置为“禁止”,则视为用户手动禁止,设置为“允许”则不禁止该应用。“影响工作”,“占用带宽”和“风险”均为“-”的协议,不会被自动禁止规则所匹配,请手动设置。</p>
+
This module enables you to block and allow "applications", also named as "protocols".
<p>同步所有配置按钮会将当前显示列表中所有应用的配置同步为当前显示列表中第一个应用的配置。</p>
+
WFilter identifies each application by digital signature matching, even p2p applications can be completely blocked.
<p>设置为“优先”的协议将不会被其他策略禁止。例如:QQ离线文件是通过网站来转发的,如果你禁止了网站访问那么QQ离线文件也会被禁止。而一旦你对QQ文件传输设置了“优先”,那么QQ文件传输就不会被禁止掉。</p>
+
 
[[File:appcontrol_list_en.jpg]]
+
* Each client can be applied with multiple policies.
 +
* Every policy can set "applied to clients" and "effective time".
 +
* Besides the applied to "clients" and "time", detailed "app control policy" settings are described in below.
 +
 
 +
== Rule Evaluation ==
 +
 
 +
* "Match all" means all rules will be evaluate. A visit will be blocked if any rule blocked it.
 +
* "Match first" means only the first matched rule can block access. You can sort rules in this mode. For example, in "match first" mode, you can add a "block all" rule to all users. To allow a client, you can add an allow rule, and move this rule to top of the "block all".
 +
 
 +
[[File:ros_appcontrol_03.png|800px]]
 +
 
 +
== Policy Settings ==
 +
 
 +
[[File:ros_appcontrol_01.png|800px]]
 +
 
 +
* Block upload. Block sessions when outgoing traffic exceeds limit. This feature will check the outgoing traffic of every connection. If outgoing traffic exceeds the choosen limit, this connection will be terminated. '''Please note: normal sessions also have outgoing traffic, so this option has false positives. Set a larger limit can get less false positives.'''
 +
* Deny and Allow. You may check the applications list and set policy by clicking "edit".
 +
** If "state" is "Automatic", this application will match the "dynamic filter" rule. "Deny" state applications will be blocked. "Allow" state applications will not be blocked.
 +
** Applications with "-" properties won't be matched by "dynamic filter" rule.
 +
** When "Priority" is enabled, this application won't be blocked by other rules or modules. For example, For example, "qq file transfer" is relayed by websites; if you block web surfing, "qq file transfer" will also be blocked unless "Priority" of "qq file transfer" is enabled.
 +
 
 +
[[File:ros_appcontrol_02.png|650px]]
 +
* Every application(protocol) has three properties: "time-waisting", "bandwidth" and "risk". With dynamic filter, you can block applications by properties.
 +
** When dynamic filter is enabled, you still can set blocking for each application.
 +
** Every property has 1-5 five levels. For example, bandwidth(5-high) means this application occupies bandwidth in the highest level.
 +
 
 +
== External Links ==
 +
* [http://blog.wfilterngf.com/?p=330 How to block facebook videos streaming with WFilter NG firewall?]
 +
* [http://blog.wfilterngf.com/?p=324 How to block hotspot shield VPN in network with WFilter NG firewall?]
 +
* [http://blog.wfilterngf.com/?p=277 How to block torrent in lan with WFilter NG Firewall?]
 +
* [http://blog.wfilterngf.com/?p=27 WFilter NG Firewall can block IDM downloading in your network.]
 +
* [http://blog.wfilterngf.com/?p=19 Do not forget to block QUIZ to block youtube and other google sites.]
 +
* [http://blog.wfilterngf.com/?p=613 How to block uploading to https webpages?]

Latest revision as of 15:47, 13 March 2020


Contents

[edit] 1 Application Control

This module enables you to block and allow "applications", also named as "protocols". WFilter identifies each application by digital signature matching, even p2p applications can be completely blocked.

  • Each client can be applied with multiple policies.
  • Every policy can set "applied to clients" and "effective time".
  • Besides the applied to "clients" and "time", detailed "app control policy" settings are described in below.

[edit] 2 Rule Evaluation

  • "Match all" means all rules will be evaluate. A visit will be blocked if any rule blocked it.
  • "Match first" means only the first matched rule can block access. You can sort rules in this mode. For example, in "match first" mode, you can add a "block all" rule to all users. To allow a client, you can add an allow rule, and move this rule to top of the "block all".

Ros appcontrol 03.png

[edit] 3 Policy Settings

Ros appcontrol 01.png

  • Block upload. Block sessions when outgoing traffic exceeds limit. This feature will check the outgoing traffic of every connection. If outgoing traffic exceeds the choosen limit, this connection will be terminated. Please note: normal sessions also have outgoing traffic, so this option has false positives. Set a larger limit can get less false positives.
  • Deny and Allow. You may check the applications list and set policy by clicking "edit".
    • If "state" is "Automatic", this application will match the "dynamic filter" rule. "Deny" state applications will be blocked. "Allow" state applications will not be blocked.
    • Applications with "-" properties won't be matched by "dynamic filter" rule.
    • When "Priority" is enabled, this application won't be blocked by other rules or modules. For example, For example, "qq file transfer" is relayed by websites; if you block web surfing, "qq file transfer" will also be blocked unless "Priority" of "qq file transfer" is enabled.

Ros appcontrol 02.png

  • Every application(protocol) has three properties: "time-waisting", "bandwidth" and "risk". With dynamic filter, you can block applications by properties.
    • When dynamic filter is enabled, you still can set blocking for each application.
    • Every property has 1-5 five levels. For example, bandwidth(5-high) means this application occupies bandwidth in the highest level.

[edit] 4 External Links

Personal tools
Namespaces

Variants
Actions
Navigation
Tools