Internet Usage Monitoring
1 Internet Usage Monitoring
The "Internet Usage Monitoring" module records internet activities, including:
- Web Surf
- Web Post
- HTTPS Inspection
- Outgoing Emails
- Incoming Emails
- SSL Email Inspection
- IP-MAC History
This module works both in "gateway mode" and "bridge mode". Enterprise license is required.
2 Recording Policy
For every client, multiple policies can be applied. For example:
- A policy: record web surfing for a whole subnet.
- B policy: enable "https inspection" for a special IP in this subnet.
For this ip, both "web surfing recording" and "https inspection" will be enabled.
Besides the applied to "clients" and "time", detailed "recording policy" settings are described in below.
2.1 Web Recording
- Web Surf: record titles of visited web pages for http websites. For https websites, only domains will be recorded. To record https webpages, please enable "HTTPS Inspector".
- Web Post: record web post content for http websites. To record https web posts, you need to enable "HTTPS Inspector".
- Web Post Size Limit: no recording of web post exceeds size limit.
- HTTPS Inspector: This feature enables you to inspect surfing and posting content for https websites. Please check: #SSL Inspection
- Smart Filter: With this feature enabled, WFilter will not record visits by non-human. (Not 100% accurate)
- Domains Exception: no recording of domains in the exception list. Wildcards "*?" are supported.
2.2 Email Recording
- Emails exceed size limit will not be recorded.
- Emails supported: SMTP, POP3, IMAP4 and outgoing web-based emails.
- If "SSL Emails Inspector" is disabled, only plain SMTP, POP3, IMAP4 and http web-based emails can be recorded.
- To record ssl emails(SMTP/POP/IMAP over SSL), you need to enable "SSL Emails Inspector" option. Please check: #SSL Inspection
- STARTTLS of SMTP/POP3/IMAP can not be recorded.
3 Advanced Settings
3.1 SSL Certificate
- This "SSL Certificate" will replace remote server's certificate for SSL interception.
- When "HTTPS Inspector" is enabled, there will be a certificate warning in the client browser. You may download and import this certificate into "trusted root certification authorities store" to silence client browser.
- You can click "Replace" to generate a new certificate.
- Enable Debug: write debug logs for diagnose.
- Database Commit: the database commit frequency.
- Additional Webmail Domains: Custom webmails to be recorded.
4 SSL Inspection
SSL Inspection is based on [Man-in-the-middle attack]. It redirects SSL connections to a local SSL server, so it can intercept the ssl traffic. Though it can decode SSL traffic, there are some disadvantages you should know:
- Performance issue. Please check: SSL Inspector Performance
- Certificate warning issue. With https inspector enabled, there will be certificate warning. To silence client browser, please follow below steps to import WFilter's certificate into "trusted root certification authorities store" in client devices.
4.1 HTTPS Inspector
- There will be a certificate warning when visiting https websites. You may choose "continue to this website" to access this site, web surf and post will be recorded.
To get rid of this certificate warning, please follow below steps:
- Download WFilter's certificate
- Double click the "ca.crt" file, click "Install Certificate" and "Next". Enable "place all certificates in the following store" and choose "trusted root certification authorities". Then "Next" and "Finish".
- The certificate warning won't appear again.
- And this https visiting will be recorded.
4.2 SSL Email Inspection
There are three types of email connection.
- Plain text, emails can be recorded without "SSL Email Inspection".
- STARTTLS, even "SSL Email Inspection" can not record it.
- SSL/TLS, with "SSL Email Inspection" enabled, emails via SSL connections can be recorded.
Let's take "Mozilla Thunderbird" as an example:
Please notice: to record https web emails, you need to enable "HTTPS Inspector" for this https website.