Security+ Academy · Lesson

Web Content Filtering and DNS Sinkholes

Block malicious domains and categories of content through URL filtering proxies and DNS-based sinkholes that stop malware callbacks at the network layer.

Why Web Content Filtering?

Web browsing is one of the most common infection vectors — malicious downloads, drive-by exploits, and phishing pages all rely on users visiting harmful URLs. Web content filtering controls which websites users and devices can access, blocking categories of malicious or policy-violating content before the connection is made. Filtering can be applied at the network proxy layer, DNS layer, or on the endpoint itself. When properly configured, filtering stops malware downloads, command-and-control (C2) callbacks, and data exfiltration even when other defenses fail.

URL Filtering Proxies

A web proxy sits between clients and the internet. When a user browses to a URL, the request goes to the proxy, which checks the URL against a categorized URL database (maintained by vendors like Webroot, Zscaler, Palo Alto). If the category is blocked (malware, gambling, adult content), the proxy returns a block page. If allowed, the proxy fetches the content and returns it to the user. Explicit proxies require browser configuration; transparent proxies intercept traffic without client configuration. Cloud-based Secure Web Gateways (SWGs) extend filtering to remote users without hairpinning traffic through the corporate network.
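The proxy decision flow just described (look up the host in a categorised database, deny blocked categories, deny executable downloads, then apply the source-subnet allow and a default deny, first match wins) can be modelled in a few dozen lines. The following is an added illustration written for this lesson, not code from Security+ Academy or from any proxy vendor; the category database, the blocked category set, the extension list and the 10.10.0.0/24 trusted subnet are all constructed sample data.

```python
"""Minimal URL filtering decision engine modelled on a categorising web proxy.
Added example with constructed sample data; not a vendor's or the lesson's code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed sample category database, keyed by domain. A leading dot means
# "this domain and every subdomain" (the convention Squid's dstdomain ACL uses);
# an entry without a leading dot matches that exact host only.
CATEGORY_DB = {
    ".malware-drop.example": "malware",
    ".phish-login.example": "phishing",
    ".casino.example": "gambling",
    "intranet.corp.example": "business",
}
BLOCKED_CATEGORIES = {"malware", "phishing", "gambling"}
BLOCKED_EXTENSIONS = (".exe", ".bat", ".ps1")
TRUSTED_NETS = [ip_network("10.10.0.0/24")]  # constructed corporate subnet


@dataclass
class Verdict:
    allowed: bool
    reason: str


def lookup_category(host: str) -> str:
    """Return the category for host, walking up parent domains the way a
    categorised URL database does; unknown hosts are 'uncategorised'."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if i == 0 and candidate in CATEGORY_DB:   # exact-host entry
            return CATEGORY_DB[candidate]
        if "." + candidate in CATEGORY_DB:         # wildcard entry covers subdomains
            return CATEGORY_DB["." + candidate]
    return "uncategorised"


def is_trusted(client_ip: str) -> bool:
    addr = ip_address(client_ip)
    return any(addr in net for net in TRUSTED_NETS)


def decide(client_ip: str, url: str) -> Verdict:
    """Evaluate the policy in order, first match wins:
    category deny -> file-type deny -> trusted-source allow -> default deny."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    category = lookup_category(host)
    if category in BLOCKED_CATEGORIES:
        return Verdict(False, f"category {category}")
    # Test the path only: a query string such as ?id=1 must not let
    # 'payload.exe?id=1' slip past an end-of-string match on the full URL.
    if parts.path.lower().endswith(BLOCKED_EXTENSIONS):
        return Verdict(False, "blocked file type")
    if is_trusted(client_ip):
        return Verdict(True, f"trusted source, category {category}")
    return Verdict(False, "untrusted source")


if __name__ == "__main__":
    # Constructed requests as a proxy access log would show them.
    for ip, url in [
        ("10.10.0.5", "http://www.casino.example/"),
        ("10.10.0.5", "http://files.example/payload.EXE?id=1"),
        ("10.10.0.5", "https://intranet.corp.example/home"),
        ("192.168.1.7", "https://intranet.corp.example/home"),
    ]:
        v = decide(ip, url)
        print(f"{ip} {url} -> {'ALLOW' if v.allowed else 'DENY'} ({v.reason})")
```

The order of checks matters: deny rules are evaluated before the subnet allow, so a trusted client still cannot reach a malware-categorised host, and the file-type check runs on the URL path rather than the whole URL so a query string cannot be used to dodge the extension match.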

# Squid proxy: basic URL filtering configuration snippet
http_port 3128

# Block malware and phishing domains listed one per line in the file.
# Squid reads ACL values from a file only when the path is in double quotes;
# a single-quoted path is treated as a literal domain name and matches nothing.
acl blocklist dstdomain "/etc/squid/blocklist.txt"
http_access deny blocklist

# Block executable downloads by URL path. urlpath_regex matches only the path,
# so a trailing query string (e.g. ?id=1) cannot defeat the $ anchor.
acl badfiles urlpath_regex -i \.exe$ \.bat$ \.ps1$
http_access deny badfiles

# Allow the trusted corporate subnet, then deny everything else.
# http_access rules are evaluated in order and the first match wins, so the
# deny rules above must precede this allow, and "deny all" must come last.
acl trusted src 10.10.0.0/24
http_access allow trusted
http_access deny all
