NxFilter is a powerful Java-based web filter which controls access to web sites based on their domain names. It's also possible to limit access by user and time, and one NxFilter installation can protect your entire network.
You'll first need to install and configure the program, of course, and that can take a little effort. NxFilter isn't for network beginners, it won't fully set up everything itself, and even the web tutorial doesn't walk you through every detail. It's still not difficult - if you know how to configure your system to use a custom DNS server then you won't have much trouble - but you will have a little work to do.
Get NxFilter running on one PC, though, and it brings benefits right away, blocking known phishing sites and using packet inspection to detect some malware. A browser-based console displays stats on web traffic, blocked domains and more, as well as logging every site you've accessed.
If you need more control, it's possible to create NxFilter policies which block sites by category (75 in total), or only allow access to particular site categories - or all internet access - for a certain amount of time a day. These policies can be applied to individual network users, or groups of users. And you're even able to assign policies based on a time range, so for example an office might have a very loose policy at lunchtime, but something much more restrictive for the rest of the day.
This is just the start. If the default site blocking isn't enough, NxFilter supports adding domains manually, or grabbing the blacklist from www.urlblacklist.com. You get a stack of configuration options, there's even support for authenticating users via LDAP and Active Directory (as well as password and IP address), all while delivering great performance (the developer claims NxFilter can handle "several thousands of users easily").
v3.2.0 brings (Version History):
- NxClassifier ruleset type for HTML text added.
- 'Keep HTML Text' option added on 'NxClassifier > Setup'.
- Domain validation for whitelist has been removed.
- Drop packet when there is a response message having no record from
an upstream server.