This article is for IT support.
A high-level overview of domain structure showing the subdomain, domain, Top-Level Domain (TLD), TLD Extensions and Country Code TLD. School Manager allows you to apply policies to Top-Level Domain Extensions (TLDE) or Country-Code Top-Level Domains (ccTLD), allowing you to block or allow all websites within that TLDE or ccTLD.
For example, you may wish to block all websites with the .tk or .ml TLDE, or allow all websites within the .nz or .uk TLDE. In this example, we have blocked the .uk Country Code TLD. The user can access google.com, but google.co.uk is blocked.
Blocking or Allowing a Top-Level Domain Extension
Blocking or Allowing a TLDE is a two-step process that requires you to:
- Create a special Object Pool containing TLDEs you want to block.
- Create a content filtering policy using the new Object Pool.
Creating a special TLDE Object Pool
Please pay particular attention to step three, even if you are familiar with creating Object Pools.
- In School Manager, go to Configurations > Objects > Pools
- Create a new Object Pool using the Website List type. Make a note of the Pool’s name.
- Add two entries for each TLDE you want to create a filtering policy on:
one that includes the period at the start of the TLDE. For example, .tk, .ml, .nz
one that omits the period at the start of the TLDE. For example, tk, ml, nz
An example Object Pool that can be used to filter on the .ml and .tk TLD extensions. Note that each domain is listed twice, once with a period before the domain and once without.
Creating the Block or Allow Policy
- Go to Filtering > Content Filtering
- Select + Create Policy
- Name the Policy according to your naming conventions. We recommend something like: [Action] - [Pool Name] Object Pool - [Scope].
Allow - New Zealand TLDE Object Pool - All Users
Force Block - Commonly Malicious Domains Object Pool - All Students
- Enter the name of the Object Pool into the Search for Website/Category field and select it from the dropdown list. It will appear as a Custom List category.
- Set the remaining fields as required and click Save
- Check the order of your policies and, if necessary, rearrange the order so that the new policy:
Sits below any exceptions to the new policy.
Sits above any policies the new policy should override
In this example, the policy ensures key internet infrastructure sites are always available sits above the new policy blocking commonly malicious domains. This ensures that those infrastructure sites will be available even if they have a domain on the blocked list.
You can update this policy with more entries by editing the entries in the Object Pool. Simply open the Object Pool and add/remove entries.
Frequently Asked Questions
Why do I need to make two entries for each TLDE?
Two of the key components of your filtering system, School Manager and your physical appliance, read domains differently. One requires a period at the start to ‘see’ the domain while the other won’t ‘see’ it if it does. We’re working on changing this so that they both read domains in the same way.
Can I use the Domain List Object Pool type instead of the Website List type?
No. You can’t use the Domain List Object Pool type to filter TLDEs. You must use the Website List type.
Can teachers create filtering policies on TLDEs using Classwize?
No. You can only create and apply filtering policies on TLDEs in School Manager.
What happens if I create a policy using .com, .org, or another common Top-Level Domain as a TLDE?
Do not create policies for common Top-Level Domains unless absolutely necessary.
Blocking Top Level Domains is possible but it can interfere with the operation of your network and your ability to teach classes. For example, applying a block to the .co TLD applies to all sites using the .co TLD, including all .co.uk, .co.nz, .co.jp and .co.kr domains. Blocking the .com TLD would block all .com sites, including all .com.au sites, and many core internet infrastructure sites like google.com or aws.com.
Why don’t my users get the block page not showing when filtered by a physical appliance?
In most cases, we perform a selective SSL inspection. Sites that are not included in the inspection criteria will not be blocked. Contact Linewize Support to modify your HTTPS Inspection to achieve similar results.
Please sign in to leave a comment.