Appcontrol
From Wiki of WFilter NG Firewall
(Difference between revisions)
(→External Links) |
|||
| (5 intermediate revisions by one user not shown) | |||
| Line 13: | Line 13: | ||
* "Match all" means all rules will be evaluate. A visit will be blocked if any rule blocked it. | * "Match all" means all rules will be evaluate. A visit will be blocked if any rule blocked it. | ||
| − | * "Match first" means only the first matched rule can block access. You can sort rules in this mode. | + | * "Match first" means only the first matched rule can block access. You can sort rules in this mode. For example, in "match first" mode, you can add a "block all" rule to all users. To allow a client, you can add an allow rule, and move this rule to top of the "block all". |
| − | + | ||
| − | [[File:ros_appcontrol_03.png| | + | [[File:ros_appcontrol_03.png|800px]] |
| − | == | + | == Policy Settings == |
| − | + | [[File:ros_appcontrol_01.png|800px]] | |
| − | + | ||
| − | + | ||
| − | + | * Block upload. Block sessions when outgoing traffic exceeds limit. This feature will check the outgoing traffic of every connection. If outgoing traffic exceeds the choosen limit, this connection will be terminated. '''Please note: normal sessions also have outgoing traffic, so this option has false positives. Set a larger limit can get less false positives.''' | |
| + | * Deny and Allow. You may check the applications list and set policy by clicking "edit". | ||
| + | ** If "state" is "Automatic", this application will match the "dynamic filter" rule. "Deny" state applications will be blocked. "Allow" state applications will not be blocked. | ||
| + | ** Applications with "-" properties won't be matched by "dynamic filter" rule. | ||
| + | ** When "Priority" is enabled, this application won't be blocked by other rules or modules. For example, For example, "qq file transfer" is relayed by websites; if you block web surfing, "qq file transfer" will also be blocked unless "Priority" of "qq file transfer" is enabled. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
[[File:ros_appcontrol_02.png|650px]] | [[File:ros_appcontrol_02.png|650px]] | ||
| + | * Every application(protocol) has three properties: "time-waisting", "bandwidth" and "risk". With dynamic filter, you can block applications by properties. | ||
| + | ** When dynamic filter is enabled, you still can set blocking for each application. | ||
| + | ** Every property has 1-5 five levels. For example, bandwidth(5-high) means this application occupies bandwidth in the highest level. | ||
| + | |||
| + | == External Links == | ||
| + | * [http://blog.wfilterngf.com/?p=330 How to block facebook videos streaming with WFilter NG firewall?] | ||
| + | * [http://blog.wfilterngf.com/?p=324 How to block hotspot shield VPN in network with WFilter NG firewall?] | ||
| + | * [http://blog.wfilterngf.com/?p=277 How to block torrent in lan with WFilter NG Firewall?] | ||
| + | * [http://blog.wfilterngf.com/?p=27 WFilter NG Firewall can block IDM downloading in your network.] | ||
| + | * [http://blog.wfilterngf.com/?p=19 Do not forget to block QUIZ to block youtube and other google sites.] | ||
| + | * [http://blog.wfilterngf.com/?p=613 How to block uploading to https webpages?] | ||
Latest revision as of 15:47, 13 March 2020
Contents |
[edit] 1 Application Control
This module enables you to block and allow "applications", also named as "protocols". WFilter identifies each application by digital signature matching, even p2p applications can be completely blocked.
- Each client can be applied with multiple policies.
- Every policy can set "applied to clients" and "effective time".
- Besides the applied to "clients" and "time", detailed "app control policy" settings are described in below.
[edit] 2 Rule Evaluation
- "Match all" means all rules will be evaluate. A visit will be blocked if any rule blocked it.
- "Match first" means only the first matched rule can block access. You can sort rules in this mode. For example, in "match first" mode, you can add a "block all" rule to all users. To allow a client, you can add an allow rule, and move this rule to top of the "block all".
[edit] 3 Policy Settings
- Block upload. Block sessions when outgoing traffic exceeds limit. This feature will check the outgoing traffic of every connection. If outgoing traffic exceeds the choosen limit, this connection will be terminated. Please note: normal sessions also have outgoing traffic, so this option has false positives. Set a larger limit can get less false positives.
- Deny and Allow. You may check the applications list and set policy by clicking "edit".
- If "state" is "Automatic", this application will match the "dynamic filter" rule. "Deny" state applications will be blocked. "Allow" state applications will not be blocked.
- Applications with "-" properties won't be matched by "dynamic filter" rule.
- When "Priority" is enabled, this application won't be blocked by other rules or modules. For example, For example, "qq file transfer" is relayed by websites; if you block web surfing, "qq file transfer" will also be blocked unless "Priority" of "qq file transfer" is enabled.
- Every application(protocol) has three properties: "time-waisting", "bandwidth" and "risk". With dynamic filter, you can block applications by properties.
- When dynamic filter is enabled, you still can set blocking for each application.
- Every property has 1-5 five levels. For example, bandwidth(5-high) means this application occupies bandwidth in the highest level.
[edit] 4 External Links
- How to block facebook videos streaming with WFilter NG firewall?
- How to block hotspot shield VPN in network with WFilter NG firewall?
- How to block torrent in lan with WFilter NG Firewall?
- WFilter NG Firewall can block IDM downloading in your network.
- Do not forget to block QUIZ to block youtube and other google sites.
- How to block uploading to https webpages?
