A content filter can be used to block certain URLs or web pages containing specific phrases. A content filter can be linked to a subscriber network (global settings) or billing package. The content filter comes with a predefined list, this list will automatically be updated if you have a content filter subscription.
Since version 5.0.06 a new filtering method has been implemented that is much more light-weight in terms of computing performance but only allows filters on specific URLs. You can enable to old-behaviour that includes deeper HTTP inspection (and thus can filter on eg. keywords) by enabling
Deprecated mode in
System → Settings and then checking
Urlbased when editing the content-filter.
Note: Content-filter subscriptions retrieve their lists from http://urlblacklist.com and are updated on a weekly basis.
You can use a predefined list or add a specific value you want to block. You can see the values of a predefined list by clicking on the name.
Important: You can also enable weight. All words on a page that are in your phrase list and have a weight will be added and if the weight is larger than the allowed weight, the site will be blocked. For example, you have two words; test with a weight of 30 and gateway with weight 31 and the total allowed weight is 50. If you then go to a website that contains the word test and gateway, this site will be blocked because 30 + 31 is larger than 50. If you go to a website with just the word test will be showed. Multiple occurrences of the same word count don't count as one. Twice the word test will equal a weight of 60.
Note: A future content filter update could block a website you do not wish to block, using Allowed Sites enables you to overrule these blockades.
Custom Input fields give you the ability to create your own fields that are not by default on the system (eg. Date of birth). These fields can then be used in other facilities such as Registration Forms, Subscriber Export…
Devices are a logical identification of different devices in the system. This has as advantage that you can use the logical device name everywhere else in the system rather then use a technical representation of the device like the user agent or MAC address.
A device can be identified by it's
Devices can be used to
F8.*as regular expression.
Groups logically group a set of subscriber profiles with the goal to allow or block access for these subscribers. This could be a school that has a group per class, with this option it is possible to block Internet access for the entire classroom.
Group Internet access can be disabled or enabled by clicking the “turn on/off online access” button in the action column. To add a user to the group edit the user profile and select the group from the drop down (see subscriber details)
This module determines how clients will be authenticated, all clients will receive an invalid login message when no authentication mechanism is specified or found.
The system will try all authentication types from top to bottom, once the username is found in one of the authentication methods the system will no longer check other types. The username pattern field allows to configure a regular expression the username must match before an authentication method is tried. If enabled (Checkbox strip pattern), the system will strip the pattern, before trying to authenticate.
Here you can schedule the AAA state of a location. This allows you to open a location (a part of your network) for a configured time period.
Note: Once the start date is reached you cannot update the location scheduling anymore. When deleting a location scheduling or when the end date is reached, the location will return to its previous AAA state.
Locations are logical divisions which can be used to apply configuration for a specific part of the network. These logical divisions can be created by adding a guest network (or part) to a location.
In the password policy you can set different password policies for the system. Password policies are used to define actions the user has to do concerning his password. This module can be used
for guests and administrators:
Filters are designed to answer to specific User agents, hosts, paths and destination IPs for non active devices. These can be used to perform redirections, mimic internet checks, block unwanted browsers, … A few predefined filters can be found in the drop-down menu to catch Captive Network Assistents preset in recent versions of Windows, iOS, OS X, Android, Blackberry, …
Note: Filters header and filter content fields are currently limited to 2000 characters, if you need this enlarged, please contact support.
A list of user agents that reached the portal page.
Here you can define some common proxy ports, if someone uses one of these ports: a message, configured in the return content will be shown. This can be used to tell the customer to disable their proxy settings before connecting to the internet.
This lists all rooms configured on the system. This table is populated by:
Each room can be linked to a floor, guest type and VLAN (you first need to select the subscriber network in order to link it to a VLAN). Floors can be created in the floors tab, guest types in the guest types tab.
By clicking the edit icon, you can also see all guest details of the guests checked-in in that room. To ease the search for a specific room / guest, there is a search module available.
(Portal page) Rules specify what options a client has when connecting to the portal. It specifies:
By adding more than one rule, it is possible to display different portal pages depending on the device type or location.
The rules are processed from top to bottom, as soon as a rule matches, the rules below it will be ignored. This is why the rule order is important, the rules can be sorted by clicking the sort icon in the navigation bar. The actual rule configuration consist of two parts; the functionality needs to be enabled (portal page / billing package / billing options). The second part is defining triggers to a specific rule. These triggers can be composed of:
Note: Multiple triggers can be configured and combined using binary logic and/or relationships.
Upgrade rules are triggered when a client want to upgrade his current package. This happens when they enter the upgrade domain in their browser e.g. http://upgrade.com (see DNS Entries on how to configure your upgrade domain). The upgrade rules are identical to the standard rules but they only have the option to specify the billing packages. There is also an additional trigger, the current billing plan of the subscriber.
IP addresses / domains or URLs in this list will be accessible for all unauthenticated subscribers in the selected subscriber network.
The advanced configuration supports regular expressions, path and action (allow / disallow) but due to performance penalty we recommend using the default configuration.
Using Web-notifications, the HSMX can notify 3rd-party systems of certain events.
Configuration is fairly straight-forward; browse to
Service → Web-notifications and
Enable the service. Proceed by configuring the HTTP callback URLs:
The following HTTP GET variables are at your disposition:
Note: When using HTTPs services a valid certificate is required.
Since version 5.1.06.