How to speed up Web performance while using URL filtering

Many companies that want to minimize business risk use a URL-filtering tool that allows them to control access to specific Web sites. The goal is to limit inappropriate Web surfing that can get the company into legal trouble, such as by introducing viruses or extracting intellectual property, while preserving network bandwidth and worker productivity.

However, the dynamic nature of the Internet makes it challenging to develop a Web site filter that can deeply inspect content without slowing down Web performance. This article will explore the benefits and limitations of content filtering and how to best plan its use to maintain granular control of Web communications with maximum Web speed.

'The network is too slow'

As a company's Web use increases, IT administrators often hear users complain about slow response times even when attempting to access "approved" Web sites. The reason is that many URL-filtering implementations are deployed on PC or Unix servers, which can be slow to respond to the growing number of requests, resulting in end-user delays.

While users misunderstand the problem as "the network is too slow," the architectural implementation of URL filtering is often the true culprit. One way to accelerate URL filtering is to run it on a dedicated hardware platform, such as a proxy appliance, which uses object-pipelining technology to request multiple Web objects in parallel, shortening the retrieval of Web pages by as much as tenfold.

All URL requests are not created equal

URL-filtering products research and classify Web content around the clock to build extensive databases of URL lists. However, a Web request can't be judged solely on its URL. Some requests are obviously bandwidth hogs, such as those asking for streaming video, news or Internet radio.

Other requests have streaming capabilities hidden within the Web page, such as the latest car advertisement. While a URL-filtering list will include a category for streaming sites and block many of the obvious ones, the list doesn't recognize streaming traffic by its protocol and therefore may not contain all streaming sites.

Similarly, instant messaging and peer-to-peer controls also are best identified by the type of protocol entering the network. To block Web requests coming in varied forms, natively identify Web protocols as they enter the network, examine the protocols and apply policy where required.
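The gap described above, shown as an added example (not from the original article or any filtering product): a URL-category lookup is compared with a check of the protocol and media type actually on the wire. The host names, category list, sample flows and function names are all constructed for illustration, and treating every audio/video response as streaming is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed category list standing in for a vendor URL database.
URL_CATEGORIES = {"radio.example.net": "streaming", "news.example.com": "news"}
BLOCKED = {"streaming"}
# Assumption: any audio/video response body is treated as streaming media.
STREAMING_TYPES = ("video/", "audio/")

# Constructed flows: (requested URL, request line, response headers).
FLOWS = [
    ("http://radio.example.net/live", "GET /live HTTP/1.1",
     {"content-type": "audio/mpeg"}),
    ("http://cars.example.org/ad/clip", "GET /ad/clip HTTP/1.1",
     {"content-type": "video/x-ms-asf"}),
    ("rtsp://media.example.org/show",
     "DESCRIBE rtsp://media.example.org/show RTSP/1.0", {}),
    ("http://news.example.com/index.html", "GET /index.html HTTP/1.1",
     {"content-type": "text/html; charset=utf-8"}),
]


def list_verdict(url):
    """Decide from the URL category list alone."""
    host = urlsplit(url).hostname or ""
    return "block" if URL_CATEGORIES.get(host) in BLOCKED else "allow"


def wire_category(request_line, response_headers):
    """Classify the flow by protocol and media type, ignoring the URL."""
    fields = request_line.split()
    if fields and fields[-1].upper().startswith("RTSP/"):
        return "streaming"  # RTSP request line ends with its version token
    ctype = response_headers.get("content-type", "").strip().lower()
    return "streaming" if ctype.startswith(STREAMING_TYPES) else "web"


def combined_verdict(url, request_line, response_headers):
    """Block if either the list or the wire-level check says so."""
    if list_verdict(url) == "block":
        return "block"
    hit = wire_category(request_line, response_headers) in BLOCKED
    return "block" if hit else "allow"


def compare(flows=FLOWS):
    """Return (url, list-only verdict, list+protocol verdict) per flow."""
    return [(u, list_verdict(u), combined_verdict(u, r, h)) for u, r, h in flows]


if __name__ == "__main__":
    for row in compare():
        print("%-40s list=%-5s list+protocol=%s" % row)
```

The unlisted advertisement clip and the RTSP session pass the list-only check and are caught only once the protocol and media type are inspected.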

Integrating user authentication and user URL filtering

Associating the exact user with Web-browsing behavior enables companies to identify a user who has accessed or has attempted to access a given Web site and apply specific policies for that user. At times, stand-alone URL filtering, which maps client IP addresses to authentication servers for user identification, can be unreliable because addresses change frequently in Dynamic Host Configuration Protocol environments.

As local authentication schemes most accurately identify users, companies that integrate URL filtering with their background authentication systems can be most certain that policies are being applied and the behavior of the correct users is being tracked.

Best URL filtering platform depends on company size

The appropriate platform for the deployment of URL filtering depends on the number of users in the network and the desired level of security. For example, a small environment of 250 users or fewer can deploy URL filtering on an Industry Standard Architecture server without performance problems. Larger environments, however, will tend to experience slower end-user performance with increasing Web requests.

To speed up Web performance and to apply deeper protocol inspection and user authentication capabilities, companies with more than 250 users should consider looking beyond a general-server deployment of URL filtering to a dedicated hardware platform such as a proxy appliance.

Jeff Hughes is director of technical marketing at Blue Coat Systems Inc. in Sunnyvale, Calif. He can be reached at jeff.hughes@bluecoat.com.

Copyright © 2005 IDG Communications, Inc.

  