|
In residential deployments, Internet content filtering is usually described as Parental Controls and in business deployments as appropriate use enforcement. Effective content filtering relies on two steps, pre-classification and dynamic evaluation of Internet sites. Pre-classification establishes, for each site, membership in none, one or more the classes of interest. Sites are discovered by extensive automated web crawling. Then, as sites are discovered, the content of each page is automatically evaluated. Dynamic evaluation involves using an HTTP proxy to detect each and every web access and then checking the target site against the classificatins database and the filters set for the current site or device or user. Automatic discovery and evaluation is demonstrably a highly effective approach to site categorization but not fool-proof. It is, for example, possible for a subscriber to visit a site that has not yet been discovered by a web crawler. Many subscribers are interested in content filtering to protect the most vulnerable family members, young children. This market is served by only allowing access to sites that have been manually evaluated and categorized as suitable for young children. 
Content filtering is usually deployed as a subscription sevice. Subscribers control the service (define and maintain content filters) through a web interface. The service can be offered as a free-standing application with device specific filtering) or combined with user management (for user specific filtering). The application will adapt to the presence or absence of the user management application in the specific router/gateway. 
The following is a list of current filter classes. Any Internet site may be a member of none, one or more classes. The vast majority of sites are not in any of these classes:
| |
|
Positively Vetted Class |
| |
|
Young Child Appropriate |
| |
|
|
| |
|
Anti-Social Classes |
| |
|
Alcohol |
| |
|
Criminal Skills |
| |
|
Cult |
| |
|
Drugs |
| |
|
Gambling |
| |
|
Gaming |
| |
|
Hacking |
| |
|
Hate |
| |
|
Occult |
| |
|
Tobacco |
| |
|
|
| |
|
Mature Content Classes |
| |
|
Abortion |
| |
|
Chat |
| |
|
Glamor |
| |
|
Lifestyles |
| |
|
Lingerie |
| |
|
Mature Content |
| |
|
Nudism & Naturism |
| |
|
Peer to Peer |
| |
|
Personals and Dating |
| |
|
Pornography |
| |
|
Sexual Advice |
| |
|
Sexual Education |
| |
|
Sexual Orientation |
| |
|
|
| |
|
Violent Content Classes |
| |
|
Suicide |
| |
|
Violence |
| |
|
Weapons |
| |
|
|
| |
|
Productivity Classes |
| |
|
Finance |
| |
|
Job Search |
| |
|
News |
| |
|
Shopping |
| |
|
Sports |
| |
|
Travel |
Filter settings are expressed as bit maps with one bit for each class. Thus a filter may include or exclude any combination of the classes shown above. It is also relaively easy to create high level filtering options based on category and/or age range. The scope of a filter can, within the application capabilities of the router/gateway be set to any of the following: All HTTP Traffic The filtering mechanism is not sensitive to the device or user originating the request. This setting is most appropriate in business deployments where appropriate use is defined by an organization-wide policy. HTTP Traffic for a Specific Device The filter applies to requests originating from the specific device. The filter has no effect on requests originating from other devices. This setting is most appropriate in residential deployments where user log-on is not implemented at the gateway level and a different family members use different computers. HTTP Traffic for a Specific User The filter applies to requests originating from a specific user regardless of where (which device(s)) the user is currently located. This setting is most appropriate in residential deployments where all family members share the same computer(s). 
For each Internet access, the filtering mechanism will first attempt to apply a filter for the 'Specific User', if no filter is found it will attempt to apply a filter for the 'Specific Device', if no filter is found it will attempt to apply a filter for 'All Traffic', if no filter is found the access is allowed. Once a filter is determined to be applicable, the 'Young Child Appropriate' class pre-empts all other classes, see Inclusive vs Exclusive Filters below. A maximum of one filter may exist for:
- All Traffic
- Each Device
- Each User
Selection of the 'Young Child Appropriate' class activates inclusive logic, meaning access is only allowed to sites that are members of the class, access to all other sites is blocked. Selection of a class other than 'Young Child Appropriate' activates exclusive logic, meaning that access to sites that are members of that class is blocked.
When access to a site is blocked by a content filter a page is returned to the requestor stating that an Internet Content Filter caused access to be blocked. By selecting a link on the page the requestor can see (a) the page requested, (b) the categorization(s) of the requested page, and (c) the filter that caused access to be blocked.
|
