Content Filtering
Manage and restrict access to undesirable or harmful web content across your network using DNS-based policies.
Altostrat’s Content Filtering service helps you enforce network usage standards by allowing you to block or restrict access to websites and online services based on predefined categories (like adult content, streaming media, or social networking). This ensures network usage aligns with your organization’s Acceptable Use Policies.
The filtering is primarily achieved through DNS manipulation; when a site is assigned a Content Filtering policy, its DNS requests are typically routed through Altostrat’s filtering nameservers, which block queries to prohibited domains based on the policy rules.
Key Features
- Category-Based Blocking: Efficiently block large groups of websites based on content categories (e.g., Gambling, Malware, Phishing).
- SafeSearch & Restricted Mode: Enforce SafeSearch for Google and Bing, and activate YouTube’s Restricted Mode to filter explicit search results and videos.
- Filtering Avoidance Prevention: Block access to known DNS proxies, anonymizers, and VPN services commonly used to circumvent filters.
- Custom Allow/Block Lists: Define specific domains to always allow (whitelist) or always block (blacklist), overriding category rules.
- Detailed Traffic Analytics: Review logs and statistics to understand DNS query patterns and identify blocked or allowed domains/categories.
Creating a Content Filter Policy
Follow these steps to set up a new policy:
Navigate to Content Filtering Policies
From your Altostrat Dashboard, go to Policies → Content Filtering. Click Add or + New to initiate the creation process.
Click Add or + New again on the policy list page.
Configure Policy Settings
Provide a clear Policy Name (e.g., “Standard Employee Policy”, “Guest Network Restrictions”).
- Choose Categories: Select the content categories you wish to block. You can expand groups to select specific sub-categories. (View available categories via API).
- SafeSearch Settings: Enable SafeSearch enforcement for major search engines and set YouTube’s Restricted Mode as needed. (View SafeSearch options via API).
- Custom Domains: Add specific domains to your Allow List or Block List.
Save and Apply the Policy
Click Save or Add to create the policy. To apply it to one or more sites:
- Navigate to your Sites list.
- Select a target site.
- In the site’s configuration settings, locate the Content Filter Policy section and choose your newly created policy from the dropdown. (Assign policy to site via API).
Allow a few moments for the policy changes to propagate to the router’s configuration. If the router is behind NAT, ensure the Management VPN is active and correctly configured for Altostrat to push the update.
Editing a Content Filtering Policy
To modify an existing policy:
Navigate to Content Filtering Policies
Go to Policies → Content Filtering in the Altostrat portal.
Select the Policy to Edit
Click on the name of the policy you wish to update. This will open its configuration settings.
Update Settings
Modify the policy as needed: toggle categories, adjust SafeSearch settings, or manage custom domain lists.
Save Changes
Click Save or Update. The changes will automatically propagate to all sites currently assigned this policy. (Update policy via API).
Removing a Content Filtering Policy
Deleting a policy also removes its configuration from any sites currently using it. These sites will revert to default DNS settings (no filtering) or fall back to another assigned policy if applicable. Ensure this is the intended outcome before proceeding.
Navigate to Content Filtering Policies
Go to Policies → Content Filtering. Locate the policy you intend to remove.
Delete the Policy
Select the policy, then click the Trash or Remove icon associated with it. Confirm your decision when prompted. (Delete policy via API).
To completely disable Content Filtering for specific sites without deleting the policy itself, navigate to the site’s configuration and either assign a different policy (or no policy) or remove the site’s association with the current policy. (Remove policy from site via API).
Programmatic Management (API)
Content Filtering policies and their assignments can also be managed programmatically using the Altostrat API. Key endpoints include:
- Create Policy:
POST /policy
(API Docs) - List Policies:
GET /policy
(API Docs) - Get Policy Details:
GET /policy/{policy}
(API Docs) - Update Policy:
PUT /policy/{policy}
(API Docs) - Delete Policy:
DELETE /policy/{policy}
(API Docs) - Assign Policy to Site:
POST /{site_id}
(API Docs) - Remove Policy from Site:
DELETE /{site_id}
(API Docs)
Refer to the specific API documentation for request/response details and required permissions.
Best Practices
- Start Conservatively, Refine Gradually: Begin by blocking only the most critical or universally unacceptable content categories. Monitor logs and user feedback, then refine the policy by adding more categories or creating specific domain exceptions (allow/block lists) as needed.
- Test Policies: Before applying a new or modified policy broadly, test it on a non-critical site or segment to ensure it behaves as expected and doesn’t unintentionally block necessary resources.
- Regularly Review Logs: Periodically examine DNS query logs and filtering statistics to understand traffic patterns, identify frequently blocked sites (which might indicate policy gaps or user needs), and ensure the policy remains effective.
- Combine with Other Security Layers: Content Filtering is one part of a layered security strategy. Complement it by enabling features like Security Essentials for threat intelligence feeds and firewall rules.
- Communicate Policies to Users: Ensure employees, guests, or other network users are aware of the Acceptable Use Policy and understand why certain content might be restricted. This minimizes confusion and support requests.