This article explains how to use the Content Restriction feature to restrict and block users from searching for explicit Internet content.
You can configure an Internet Content Restriction policy to define how the Cato Cloud manages Internet search engines and YouTube content. The DNS server in the Cato Cloud creates a CNAME (canonical name) record for these conditions to redirect the appropriate Internet traffic:
- Google search engine routes to forcesafesearch.google.com
- Bing search engine routes to strict.bing.com
- Strict YouTube policy routes to restrict.youtube.com
- Moderate YouTube policy routes to restrictmoderate.youtube.com
When the Content Restriction feature is enabled, the appropriate SafeSearch settings for the Google, Bing, or YouTube search engines are applied to the Internet or YouTube search. For example, if a user searches for nudity, the search engine's SafeSearch filter removes all explicit results, and the search engine only shows websites with no explicit content. However, if a user browses directly to www.explicit_sample.com, the connection to the website doesn't use the search engine and isn't restricted.
If you believe that content is classified incorrectly, please contact the appropriate Internet search engine or YouTube.
Note: You can use the Internet firewall to block specific websites or categories. For more information, see What is the Cato Internet Firewall?.
To configure the Content Restriction policy for your account:
- From the navigation pane, click Security > Content Restriction.
- Select each Search Engine that is included in the Content Restriction policy.
- If you are including YouTube in the policy, configure the settings for the YouTube content restrictions:
  - To enforce the content policy for YouTube, select YouTube content restrictions.
  - In Restrictions Level, select to enforce Moderate or Strict content restrictions.
- Click Save.
When you implement Content Restrictions, it's possible that cached data in servers and user devices may prevent the traffic redirection required for enforcing the restrictions. We therefore recommend the following best practices when you first configure the restrictions:
- If your environment has internal DNS servers, clear the DNS cache on the servers
- Clear all cached DNS data on user devices, and clear all browser caches and cookies
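Once the caches are cleared, you can confirm from a user device that the CNAME redirect is actually being returned. The following is an added example, not Cato's own tooling: it compares what the operating system resolver returns with the redirect targets listed above. The hostnames being looked up and the sample answers are assumptions constructed for illustration.

```python
import socket

# Redirect targets are the ones listed in the article. The hostnames being
# looked up (the dictionary keys) are assumptions; use the names your users visit.
EXPECTED = {
    "www.google.com": {"forcesafesearch.google.com"},
    "www.bing.com": {"strict.bing.com"},
    "www.youtube.com": {"restrict.youtube.com", "restrictmoderate.youtube.com"},
}

def system_resolve(host):
    """Ask the OS resolver; returns (canonical_name, aliases, addresses).
    Browsers using DoH resolve on their own and are not covered by this."""
    return socket.gethostbyname_ex(host)

def _norm(name):
    return name.rstrip(".").lower()

def check_host(host, resolve=system_resolve):
    """Return 'enforced', 'not-enforced' or 'lookup-failed' for one hostname."""
    try:
        canonical, aliases, _addresses = resolve(host)
    except OSError:  # socket.gaierror and socket.herror are subclasses
        return "lookup-failed"
    names = {_norm(canonical)} | {_norm(a) for a in aliases}
    return "enforced" if names & EXPECTED[host] else "not-enforced"

def audit(resolve=system_resolve):
    """Check every hostname in EXPECTED with the given resolver."""
    return {host: check_host(host, resolve) for host in EXPECTED}

# Constructed sample answers (documentation addresses), so the logic can be
# exercised offline: Google is redirected, Bing is not, YouTube fails to resolve.
SAMPLE = {
    "www.google.com": ("forcesafesearch.google.com", ["www.google.com"], ["192.0.2.10"]),
    "www.bing.com": ("www.bing.com", [], ["192.0.2.20"]),
}

def sample_resolve(host):
    if host not in SAMPLE:
        raise socket.gaierror("constructed failure for " + host)
    return SAMPLE[host]

if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host:18} {status}")
```

A "not-enforced" result right after enabling the policy usually points to a stale DNS cache on the device or on an internal DNS server.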
Internet browsers include an option to use DNS over HTTPS (DoH) as an additional security measure. When DoH is enabled for a browser, the browser bypasses the SafeSearch settings in the Content Restriction policy. This means that even if the Content Restriction feature is enabled for your account, it doesn't apply to browsers that are using DoH for secure DNS.
Each browser has different DoH settings:
- Is DoH enabled by default for the browser?
- Some browsers (such as Chrome and Firefox) automatically disable DoH when they detect that the computer is managed by an organization
For accounts that enable the Content Restriction feature, we recommend that you review the browsers that are used in your organization and the specific DoH settings.
2 comments
Guide is out of date. Security page no longer says Content Policy and in fact says Content Restrictions
Mark,
Thanks so much for your help! We updated the article and screenshot.
Yaakov