Forum Discussion
Firewall Unsufficient
- Sep 30, 2020
What you need is Web Content Filtering, and not a firewall.
A Firewall ist not meant to do this kind of work, and as such you will not find a good or easy way to do this with Windows Firewall alone (which is an endpoint network firewall).
You could theoretically write a plugin for WF to do what you want, as it is extensible, but you are better of implementing this correctly with one of the following solutions:
- Do the filtering on your edge-device/internet gateway. Many modern firewall appliances that are meant to be used as edge firewall also include web content filtering engines.
- Do the filtering old-school with a web-proxy-server. There are a lot of different ways to install a proxy server on your network and use this as the only way to the internet for all your clients. You then can use the proxy to filter URLs.
- If you want the Microsoft solution for this, get Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection) which also includes web content filtering directly on the client without the need to install anything (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering).
What you need is Web Content Filtering, and not a firewall.
A Firewall ist not meant to do this kind of work, and as such you will not find a good or easy way to do this with Windows Firewall alone (which is an endpoint network firewall).
You could theoretically write a plugin for WF to do what you want, as it is extensible, but you are better of implementing this correctly with one of the following solutions:
- Do the filtering on your edge-device/internet gateway. Many modern firewall appliances that are meant to be used as edge firewall also include web content filtering engines.
- Do the filtering old-school with a web-proxy-server. There are a lot of different ways to install a proxy server on your network and use this as the only way to the internet for all your clients. You then can use the proxy to filter URLs.
- If you want the Microsoft solution for this, get Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection) which also includes web content filtering directly on the client without the need to install anything (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering).