Proxy Server - Uses of Proxy Servers - Filtering

Filtering


A content-filtering web proxy server provides administrative control over the content that may be relayed in one or both directions through the proxy. It is commonly used in both commercial and non-commercial organizations (especially schools) to ensure that Internet usage conforms to the acceptable use policy. In some cases users can circumvent the proxy, since there are services designed to proxy information from a filtered website through a non-filtered site to allow it through the user's proxy.

A content-filtering proxy will often support user authentication to control web access. It also usually produces logs, either to give detailed information about the URLs accessed by specific users or to monitor bandwidth usage statistics. It may also communicate with daemon-based and/or ICAP-based antivirus software to provide security against viruses and other malware by scanning incoming content in real time before it enters the network.

Many workplaces, schools, and colleges restrict the web sites and online services that are made available in their buildings. This is done either with a specialized proxy, called a content filter (both commercial and free products are available), or by using a cache-extension protocol such as ICAP, which allows plug-in extensions to an open caching architecture.

Some common methods used for content filtering include: URL or DNS blacklists, URL regex filtering, MIME filtering, or content keyword filtering. Some products have been known to employ content analysis techniques to look for traits commonly used by certain types of content providers.

Requests made to the open internet must first pass through an outbound proxy filter. The web-filtering company provides a database of URL patterns (regular expressions) with associated content attributes. This database is updated weekly by site-wide subscription, much like a virus filter subscription. The administrator instructs the web filter to ban broad classes of content (such as sports, pornography, online shopping, gambling, or social networking). Requests that match a banned URL pattern are rejected immediately.

Assuming the requested URL is acceptable, the content is then fetched by the proxy. At this point a dynamic filter may be applied on the return path. For example, JPEG files could be blocked based on fleshtone matches, or language filters could dynamically detect unwanted language. If the content is rejected then an HTTP fetch error is returned and nothing is cached.
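The two stages described above (URL-pattern check on the way out, dynamic check on the way back) can be sketched as follows. This is an added example, not code from any filtering product; the pattern database, the `origin` callable and the 403/502 status codes are assumptions made for the illustration.

```python
import re

# Constructed sample of a vendor URL-pattern database: (regex, category).
URL_DB = [
    (re.compile(r"^https?://([^/]+\.)?bets\.example(/|$)"), "gambling"),
    (re.compile(r"^https?://([^/]+\.)?shop\.example/cart"), "online shopping"),
    (re.compile(r"^https?://news\.example/sports/"), "sports"),
]
BANNED_CATEGORIES = {"gambling", "sports"}           # chosen by the administrator
BANNED_MIME = {"application/x-msdownload"}           # MIME filtering
BANNED_KEYWORDS = [re.compile(r"\bcasino\b", re.I)]  # content keyword filtering


def check_request(url):
    """Outbound stage: return the banned category a URL matches, or None."""
    for pattern, category in URL_DB:
        if category in BANNED_CATEGORIES and pattern.search(url):
            return category
    return None


def check_response(mime, body):
    """Return-path stage: return a rejection reason, or None if acceptable."""
    base = mime.split(";", 1)[0].strip().lower()
    if base in BANNED_MIME:
        return "mime:" + base
    if base.startswith("text/"):
        text = body.decode("utf-8", errors="replace")
        for kw in BANNED_KEYWORDS:
            if kw.search(text):
                return "keyword:" + kw.pattern
    return None


def proxy_fetch(url, origin, cache):
    """Filter, fetch via `origin` (stand-in callable), filter again, then cache."""
    category = check_request(url)
    if category:
        # Rejected immediately; the origin is never contacted (403 is assumed).
        return 403, ("blocked: " + category).encode()
    if url in cache:
        return 200, cache[url]
    mime, body = origin(url)
    reason = check_response(mime, body)
    if reason:
        # Fetch error returned and nothing cached (502 is assumed).
        return 502, ("blocked: " + reason).encode()
    cache[url] = body
    return 200, body
```
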

Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate with a firewalled server internal to an organization, providing extranet access to some functions while keeping the servers behind the firewalls. If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet.

Most web filtering companies use an internet-wide crawling robot that assesses the likelihood that a piece of content is of a certain type. The resultant database is then corrected by manual labor based on complaints or known flaws in the content-matching algorithms.

Web filtering proxies are not able to peer inside secure sockets HTTP transactions, assuming the chain-of-trust of SSL/TLS has not been tampered with. As a result, users wanting to bypass web filtering will typically search the internet for an open and anonymous HTTPS transparent proxy. They will then program their browser to proxy all requests through the web filter to this anonymous proxy. Those requests will be encrypted with HTTPS. The web filter cannot distinguish these transactions from, say, a legitimate access to a financial website. Thus, content filters are only effective against unsophisticated users.
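The following added example (not from the original article) shows what a forward proxy can actually read when TLS is not intercepted: for a `CONNECT` tunnel only the host and port are visible, so path rules cannot fire and policy has to be made on the destination alone. The host names, the rule sets and the `deny_unknown_tunnels` switch are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit

# Constructed policy data (assumptions for this example).
BANNED_HOSTS = {"bets.example"}                        # host-level rule
BANNED_PATHS = {("news.example", "/sports/")}          # path-level rule
KNOWN_TUNNEL_HOSTS = {"bank.example", "news.example"}  # categorised HTTPS sites


def visible_fields(request_line):
    """Return the (host, port, path) a forward proxy can read from a request line.

    path is None for CONNECT: once the tunnel opens, everything is encrypted.
    """
    method, target, _version = request_line.split()
    if method.upper() == "CONNECT":
        host, _, port = target.rpartition(":")
        return host.lower(), int(port), None
    parts = urlsplit(target)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port, parts.path or "/"


def decide(request_line, deny_unknown_tunnels=False):
    """Apply host and path rules to whatever part of the request is visible."""
    host, _port, path = visible_fields(request_line)
    if host in BANNED_HOSTS:
        return "deny: host rule"
    if path is None:
        # CONNECT tunnel: a bank and an unknown relay look the same from here.
        if deny_unknown_tunnels and host not in KNOWN_TUNNEL_HOSTS:
            return "deny: uncategorised tunnel"
        return "allow: opaque tunnel"
    for rule_host, prefix in BANNED_PATHS:
        if host == rule_host and path.startswith(prefix):
            return "deny: path rule"
    return "allow"
```

With the default policy a tunnel to an uncategorised host is treated exactly like one to a known financial site; only a default-deny rule for uncategorised tunnel destinations separates them.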

As mentioned above, the SSL/TLS chain-of-trust does rely on trusted root certificate authorities; in a workplace setting where the client is managed by the organization, trust might be granted to a root certificate whose private key is known to the proxy. Concretely, a root certificate generated by the proxy is installed into the browser CA list by IT staff. In such scenarios, proxy analysis of the contents of an SSL/TLS transaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by the client's trust of a root certificate the proxy owns.

A special case of web proxies is "CGI proxies". These are web sites that allow a user to access a site through them. They generally use PHP or CGI to implement the proxy functionality. These types of proxies are frequently used to gain access to web sites blocked by corporate or school proxies. Since they also hide the user's own IP address from the web sites they access through the proxy, they are sometimes also used to gain a degree of anonymity, called "Proxy Avoidance".
