NxFilter is a freeware web-filter designed for enterprise surroundings. It began as a dns-filter. Now it gives web-proxy based mostly filtering as properly. NxFilter can do all the pieces you may count on from a dns-filter or a web-filter.
Quicker and lighter
Historically we made a web-filter based mostly on HTTP proxy server. There are lots of industrial merchandise based mostly on Squid proxy. However with this strategy you might need a critical latency drawback in your community. It’s because your net site visitors must undergo one level in your community that’s your web-filter and it turns into a bottle neck in your community. This latency drawback will get greater when you will have greater variety of customers. However there’s one other strategy. That’s DNS filtering and NxFilter is a dns-filter. It’s mainly a forwarding DNS server with filtering potential. Because it makes use of mild weight DNS protocol there’s no have to have your site visitors going by anyplace. You get no latency drawback with NxFilter.
Boosting up your Web velocity
Some customers reported that after they put in NxFilter on their community their Web velocity improved tremendously. It’s because NxFilter retains native cache for DNS lookup. Suppose in your community everyone makes use of Google public DNS server or your ISP DNS server. Their DNS queries have to be despatched to those DNS servers on the Web and your customers want to attend for the response again from these servers. However when you’ve got NxFilter in your community it retains cache for the DNS response from its upstream DNS servers and reduces the community site visitors tremendously and your customers don’t want to attend for the response from these DNS servers on the Web.
Despite the fact that it’s sooner and lighter than the normal web-proxy based mostly filtering, DNS filtering had its personal restrict prior to now. It didn’t assist consumer authentication. That is pure as a result of DNS protocol doesn’t have authentication scheme. It was the largest impediment for a dns-filter to be employed in real-world enterprise surroundings.
Nevertheless being a dns-filter, NxFilter gives four varieties of authentication strategies for consumer identification.
- IP based mostly authentication
- Password based mostly authentication
- LDAP authentication
- Single sign-on with Lively Listing
With NxFilter you may differentiate customers and apply totally different filtering insurance policies.
NxFilter helps utility management by its brokers, NxLogon and NxClient. With this function you may block UltraSurf, Tor, uTorrent, Skype, Minecraft and different functions you need to block.
- NxLogon is the Lively Listing single sign-on agent of NxFilter and NxClient is the distant consumer filtering agent for NxFilter.
There are lots of advantages solely from a dns-filter however we had to surrender a number of issues if we need to go along with a dns-filter to date. You possibly can’t implement safe-search and you’ll’t have key phrase filtering towards URL because it’s engaged on DNS degree. However now NxFilter gives web-proxy filtering by its brokers, NxLogon and NxClient. NxLogon and NxClient themselves are native web-proxy they usually can do no matter a web-filter can do. At the moment It helps safe-search implementing and URL key phrase filtering, IP host blocking.
One may assume offering these web-proxy brokers, NxFilter just isn’t a lightweight filtering answer anymore. But it surely nonetheless is. These web-proxy brokers are working as native web-proxy just for one consumer so it doesn’t trigger any community efficiency challenge.
Whenever you deploy a web-filter in your community. Probably the most tough half could be forcing filtering in your customers with out an excessive amount of problem. When you go along with a web-proxy based mostly filtering product you might want to setup all of the browsers pointing your web-filter as their proxy server. To make issues simpler you should utilize so referred to as ‘clear proxy’ setup so that you just don’t have to setup all of the browsers one after the other. However with the clear proxy setup you will have an issue for HTTPS filtering as it’s breaking the browser restriction for ‘man within the center assault’. Your browser won’t ship HTTPS request to your proxy should you attempt to redirect the site visitors transparently. And plus this clear proxy setup is sort of difficult even for a seasoned programs engineer.
When you go along with a dns-filter you might be free from all these hassles. You simply have to setup your DHCP server utilizing NxFilter because the DNS server for its purchasers. Then your customers will use NxFilter as their DNS server and they are going to be below filtering. Forcing filtering to customers can also be attainable. You possibly can block outgoing 53 port on UDP and TCP besides from NxFilter. Now NxFilter turns into the one DNS server your customers can use. It’s already clear and doesn’t trigger ‘man within the center assault’ drawback with HTTPS.
It’s not only for HTTP site visitors
If it’s a web-proxy based mostly filtering product you solely can filter HTTP and HTTPS however with DNS filtering you may filter nearly each protocols together with HTTP, HTTPS, FTP, P2P so long as they use DNS.
NxFilter can also be able to detecting malware and botnet based mostly on DNS packet inspection. It’s attainable as a result of NxFilter is engaged on DNS degree.
- DNS load stability choice eliminated on GUI.
- Dynamic DNS setup menu separated.
- 'use_negative_cache' choice added on 'DNS > Setup'.
- Detrimental cache TTL modified to 15 minutes.
- 'hide_ssl_warning' choice on cfg.properties file added.
- Rebuild Jahaslist when it's smaller than 1,200,000.
- Max customized categorized dimension adjusted to 300,000.
- v4.1.three of 'domain-pattern.txt' utilized.
- 'Jahaslist Repository' on 'NxClassifier > Setup' eliminated.
- DomainDic.unclassCntMap added.
- JahasDic cache enabled.
- 50 consumer trial license for Cloudlist included.
- Config.hostanme added for alert electronic mail.