Umbrella's content categories organize destinations—in this case, websites—by classifying them within content-based categories; for example, gambling, social networking, and alcohol. To block identity access to destinations that serve up content of a type (for example, pornography), you select content categories when adding a DNS policy or rules to the Web policy—either by selecting individual content categories or pre-configured sets of content categories.
DNS content categories only classify at the domain-layer. This means that if a domain contains multiple types of content a DNS content category setting only blocks what the domain is categorized as, irrespective of what other types of content might be served through that domain.
Web content categories classify full URLs, whereas DNS content categories only classify at the domain-layer. This means that if a domain contains multiple types of content a DNS policy can only block what the domain was categorized as, irrespective of what other types of content might be served in that domain.
- www.example.com is categorized as Online Communities
- www.example.com/sports is categorized as Sports
- www.example.com/adultimages is categorized as Adult
A DNS policy configured to block Online Communities blocks the entire domain of www.example.com. Even if it is configured to block Sports or Adult instead of Online Communities, it does not block access to these underlying URLs. This is because DNS only works at the domain layer.
However, the Web policy ruleset configured to block Online Communities and Adult allows access to www.example.com/sports because of URL-layer classification. Therefore, content settings are more granular when enforced by the Web policy than by a DNS policy. Also note that because web content is served over the web protocol, it is more pertinent to enforce content settings with the Web policy than a DNS policy whenever possible.
Updated about 1 month ago