FortiGate
Article Id 195937
Description: Blocking banned content
Components
  • All FortiGate units
Steps or Commands

About the Web Filter

The Web Filter feature of the FortiGate unit scans the content of every web page that passes through the firewall. The system administrator can specify banned words and phrases and attach a numerical value, or score, to the importance of those words and phrases. When the Web Filter detects banned content, it sums the scores of banned words and phrases in the page. If the sum is higher than a threshold set in the Firewall Protection Profile, the FortiGate unit blocks the page.

How content is evaluated

Every time the Web Filter detects banned content on a web page, it adds the score for that content to the sum of scores for that web page. You set this score when you create a new banned pattern. The score can be any number from zero to 99999. Higher scores indicate more offensive content.

Banned words or phrases are evaluated according to the following rules:

  • The score for each word or phrase is counted only once, even if that word or phrase appears many times in the web page.
  • The score for any word in a phrase without quotation marks is counted.
  • The score for a phrase in quotation marks is counted only if it appears exactly as written.

The following table describes how these rules are applied to the contents of a web page. Consider the following sentence: “The score for each word or phrase is counted only once, even if that word or phrase appears many times in the web page.”

Banned pattern | Assigned score | Score added to the sum for the entire page | Comment
word | 20 | 20 | Appears twice but counted only once.
word sentence | 20 | 20 | “word” appears twice, “sentence” does not appear, but since any word in a phrase without quotation marks is counted, the score for this pattern is 20.
"word sentence" | 20 | 0 | This phrase does not appear exactly as written.
"word or phrase" | 20 | 20 | This phrase appears twice but is counted only once.

Wildcards and regular expressions

Blocked patterns defined as wildcards or regular expressions may have different results.

Wildcards are symbols, such as “*” or “?”, used to represent one or more characters. For example, as a wildcard expression, forti*.com will match fortinet.com and forticare.com. The “*” represents any kind of character appearing any number of times.

Regular expressions here refer to Perl regular expressions, which use some of the same symbols as wildcard expressions but for different purposes. The “*” represents the character before the symbol, repeated any number of times. For example, forti*.com will match fortiii.com but not fortinet.com or fortiice.com: in this case the “*” applies to the preceding “i”, which may appear any number of times.

Perl regular expressions are case sensitive. The symbols /i are necessary to make the pattern matching case insensitive.

Perl regular expressions can be combined to create more sophisticated search patterns. See the Common Symbols table for examples.

Common symbols

Wildcard | Meaning
* | Represents any kind of character appearing any number of times.
? | Represents one character of any type.

Regular expression | Meaning
* | Represents the character before the symbol, repeated any number of times.
. | Represents any single character.
.* | Represents any kind of character appearing any number of times.
\ | Makes the character after the symbol a regular character instead of a search symbol. For example, to match fortinet.com exactly, the regular expression would be fortinet\.com. The “.” is taken literally, not as a representation of another character.
/i | Makes the pattern case insensitive.

Common search expressions

Wildcard | Matched pattern | Unmatched pattern
forti* | fortinet, forticare, fortification | fort
?ort | fort, port | sport

Regular expression | Matched pattern | Unmatched pattern
forti* | fortii, fortiii | fortiice
go*gle | google, goooogle | goggle
go.gle | google, goggle | go-ogle
goo.* | google, goo goo dolls | goggle
google\..* | google.com, google.news | googles, googled
google/i | GOOGLE, Google, GooGLE |

Setting the content threshold

The Web Filter will block any web pages for which the sum of scores for banned content exceeds the content block threshold.

To set the content block threshold

  1. Go to Firewall > Protection Profile.
  2. Select Edit for a protection profile.
  3. Click the blue arrow for Web Filtering to expand the options.
  4. Select Web Content Block to enable it.
  5. Select the banned content list (in FortiGate-800 and above).
  6. Enter the threshold for Web Content Block (FortiOS 3.0 only).

Adding banned words or phrases

You can specify banned words or phrases according to the syntax outlined above. The Web Filter must be enabled in the Firewall Protection Profile for the FortiGate unit to scan content for banned words and phrases and block inappropriate web pages.

In FortiGate units up to FortiGate-400:

  1. Go to Web Filter > Content Block.
  2. Select Create New.
  3. Enter the new banned pattern (word or phrase).
  4. Select the pattern type.
  5. Select the language of the pattern.
  6. Enter the score for the banned pattern.
  7. Select Enable and select OK.

In FortiGate-800 and above:

  1. Go to Web Filter > Content Block.
  2. Select the Edit icon for a content block list.
  3. Select Create New.
  4. Enter the new banned pattern (word or phrase).
  5. Select the pattern type.
  6. Select the language of the pattern.
  7. Enter the score for the banned pattern.
  8. Select Enable and select OK.