Guide to content modifications on Smoothwall

Article #:

Product

Castle

KB-43

Guardian

Any

Summary

This article provides a list of all the content modifications currently available along with some information as to what they do, which categories they should be applied against, and how they work.

Problem

Smoothwall provides several content modifications. This article aims to provide some more information about them and ensure that they are applied only to the pertinent categories to avoid unwanted and unexpected side effects.

Solution

There are several sections listed below which split the content modifications provided by Smoothwall into categories based on their behaviour. These categories are

  • Search based content modifications
  • Comment removal content modifications
  • General content modifications
  • Browser vulnerabilities content modifications
  • Antiquated content modifications

Each of these sections includes a summary of each content modification currently available along with what they do and which categories they should be targeted at.

  • Items marked as Important must be configured using specific targets for the rule to be effective and to avoid unexpected side effects
  • Items marked as Suggested should use specific targets to achieve maximum effectiveness and performance from your Guardian product.

 

Search based content modifications

These content modifications affect search queries made through Guardian, modifying the request to ensure that SafeSearch is always enabled, or modifying the response to ensure that inappropriate material is filtered out.

Rule

Description

‘What’ Target

Enforce Google SafeSearch [NEW]

Enforce Strict SafeSearch on Google without the need for Decrypt and Inspect

Web Search

Important

Force SafeSearch

Enforce SafeSearch on all major search engines

Everything

Important

Google Image Search: Basic Mode

Forces Google image searches to display in basic mode

Web Search

Important

Disable Google Instant

Disable Google instant predictions

Web Search

Important

 

Comment removal content modifications

These content modifications remove comments and comment systems which help to prevent inappropriate content being displayed on screen.

Rule

Description

‘What’ Target

YouTube Comment Removal

Removes comments from all YouTube videos.

YouTube

Important

Blogger Comment Removal

Remove comments added to blogs using the Blogger CMS system

Everything

Suggested

Facebook Comment Plugin Removal

Remove the Facebook comments social plugin from appearing on non-Facebook websites.

Everything

Suggested

WordPress Comment Removal

Remove comments added to blogs using the WordPress CMS system

Everything

Suggested

Disqus Comment Removal

Remove comments added to blogs using the Disqus CMS system

Everything

Suggested

 

General content modifications

These are general content modifications that affect everyday browsing or are targeted at a very specific service.

Rule

Description

‘What’ Target

BBC iPlayer - Enforce Parental Guidance Lock

Enforce Parental Guidance lock on BBC iPlayer

BBC iPlayer

Important

Remove QUIC Header

Remove the QUIC header from requests and prevent access to websites over UDP 80/443

Everything

Suggested

YouTube - Disable Auto Play

Prevent YouTube from automatically playing the next video in the playlist.

YouTube

Important

YouTube SafetyMode Cookie Enforce YouTube restricted mode on your network which helps filter out potentially mature content. This works by inserting a cookie that enforces Restricted Mode. HTTPS Decrypt and Inspect is necessary for this to work. This content modification should be used if you do not use GSuite for Education. YouTube Important

YouTube Restricted Mode

Enforce YouTube restricted mode on your network which helps filter out potentially mature content. This works by rewriting the HTTPS connect header to restrict.youtube.com. HTTPS Decrypt and Inspect is not necessary for this to work. This content modification is most appropriate if you use GSuite for Education.

YouTube

Important

All Popups

Prevent links from opening in a popup window

Everything

Suggested

onUnload Popups

Prevent JavaScript from being executed when leaving a webpage

Everything

Suggested

unsolicited Popups

Prevent JavaScript from opening popup windows

Everything

Suggested

Blink Tags

Remove <blink> and <marquee> tags

Everything

Suggested

Web Bugs

Remove 1x1 GIFs used for user tracking

Everything

Suggested

Window Moving

Prevent windows from resizing and moving themselves

Everything

Suggested

 

Browser Vulnerabilities content modifications

These content modifications aim to prevent known browser vulnerabilities from being exploited.

Rule

Description

‘What’ Target

IE VML Rect tag Exploit

Removes vector graphics that could contain malicious code

Everything

Suggested

WPAD Hijacking

Prevent Internet Explorer proxy autodetection retrieving proxy settings from external sites.

Everything

Suggested

Microsoft HCP links

Remove “hcp://” links which may exploit Windows Help Center vulnerabilities

Everything

Suggested

Program Execution via Cross-site Scripting

Warn about potential cross-site scripting vulnerabilities

Everything

Suggested

Escaped Shell Code

Removes escape Unicode “shellcode” from JavaScript

Everything

Suggested

 

Antiquated content modifications

The following content modifications are considered antiquated and will be removed over time. Some of these content modifications prevent browser vulnerabilities from being exploited but have since been patched; and some are simply content modifications that are no longer required.

Rule

Description

‘What’ Target

firefoxurl: Cross-browser Exploit

Prevent ‘firefoxurl://’ URLs from being opened

Everything

Suggested

Firefox Cookie Stealing

Prevent vulnerability in Firefox (up to version 2.0.0.1) which allowed for cookies to be stolen

Everything

Suggested

Firefox DoS

Removes various DoS attacks targeting Firefox upto and including version 1.0.7.

Everything

Suggested

Firefox JavaScript Information Leak

Prevent vulnerability in Firefox which exposes private data

Everything

Suggested

Disable iGoogle

Prevent users on the network from being able to use iGoogle

Web Search

Suggested

Nimda

Attempt to detect and stop Nimda infected server’s web pages.

Everything

Suggested

Body onLoad Action

Remove <body onload=> from HTML to prevent DoS on Internet Explorer 5.5 and 6

Everything

Suggested

CSS Cross-site Scripting

Remove the CSS import tag to prevent an antiquated Internet Explorer vulnerability

Everything

Suggested

CVE-2009-1136

Prevents exploitation of vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution

Everything

Suggested

DirectAnim Exploits

Removes exploits in IE6 related to the DirectAnimation ActiveX control

Everything

Suggested

DirectX Media SDK Exploit

Removes DirectX Media SDK version 6.0 ActiveX exploit

Everything

Suggested

Disable createTextRange

Disables the createTextRange() JavaScript function, which can be used to execute arbitrary code in Internet Explorer 6 and Internet Explorer 7 Beta 2

Everything

Suggested

IE WebViewFolderIcon Exploit

Removes exploit relating to the setSlice method of the WebViewFolderIcon ActiveX control in IE 6

Everything

Suggested

IE Remote Code Execution

Prevent Internet Explorer remote code execution. See Microsoft Security Advisory 961051

Everything

Suggested

URI handling command execution

Prevents a vulnerability in Firefox running on Windows which enables remote command execution through URI handlers such as mailto

Everything

Suggested

 

Attribution:

Last updated:

Author:

Contributions by:

19 June 2017

Chris Smith

 

 

 


Copyright © 2000-2018 Smoothwall All rights reserved.