The application is also able to apply advanced rules (access control list rules) in a policy. To configure these rules, select Admin UI / Policy / Filtering Rules / Advanced as shown on the following screenshot.
Currently the following access control list (ACL) types are supported. The implementation has some similarities with Squid ACLs although not all access control list names and not all access rules are supported for now.
|http_status||The decimal code of the HTTP response. The response code is taken from the HTTP response status, like
|dstdomain||Domain name of the origin site being connected to. This domain name is taken from the
|rep_mime_type||MIME type of the HTTP response. This value is taken from the
|req_mime_type||MIME type of the HTTP request. This value is taken from the
Any line starting with
# is considered a comment and ignored. Please use these comments to make the advanced configuration more understandable.
The following sections present some examples of using advanced filtering rules.
HTTP Status Code
The following example blocks HTTP responses with HTTP status code less than 100 and allows others through.
# define allowed and denied status codes acl allowed_status_codes http_status 200 301 400-403 500 acl denied_status_codes http_status -100 # allow and deny as required http_access allow allowed_status_codes http_access allow denied_status_codes
The following example allows HTTP requests to the search sites and blocks everything else.
# define domains acl search_engines dstdomain .duckduckgo.com .yahoo.com .google.com .bing.com # allow and deny as required http_access allow search_engines http_access deny all
Request and Response Content Types
The following example blocks video files from Facebook. Video files on other video hosting platforms, like YouTube are implicitly allowed.
# define facebook cdn acl facebook_cdn dstdomain .fbcdn.net # define response content type of a video file acl video_mp4 rep_mime_type video/mp4 # and deny it http_reply_access deny video_mp4 facebook_cdn
Block All Requests
The following example simply blocks all requests.
# define facebook cdn http_access deny all
all here is the built in access control list name meaning any request or response.