"Monitor/Audit Only" Policy Option | Voters

"Monitor/Audit Only" Policy Option

Nate

A client approached me and asked if we could monitor what his employees were doing without stopping the activity. I was stumped, there's nothing for that. Could we have a monitor only policy in place along with the block policy? To filter all the things a company would want to see but not block completely. (Shopping, Social Media, and Sports are a few that come to mind)

March 11, 2022

Ryan Poppa

Merged in a post:

Have Warning Option instead of only Block/Allow

Sean Lair

Be able to set a site/category to Warn instead of only Block/Allow. That would let the user know it is potentially a bad site, but allow them to continue. This is one feature our competitors have that our users really like.

2 days ago

Ryan Poppa

Merged in a post:

Learning and Monitor Mode for new installs

Blake Duhamel

Another solution we have in our MSP stack is ThreatLocker and during deployment on any device the endpoint agent automatically goes into a Learning Mode for a pre-set time to build new/add entries to current App Control policies if they would have been blocked. That got me wondering if the DNSFilter roaming clients could have a use for something like that. 
Situation 1 - Learning Mode
During brand new Organization wide deployments then the roaming client could build a list of DNS servers currently used by each device which is stored locally on the device and used as failover DNS Servers to resolve requests in the event the DNS server normally used cannot be contacted. This feature could be a toggle option in the console so administrators could enable for specific environment deployments.
Situation 2 - Monitor Mode
During new or old deployments have the ability to toggle at the Organization or roaming client level to flag requests under Reporting>Insights or Tools>DNS Query Log in a way that allows the requests to resolve on the roaming client with a flag showing if it would have been blocked based off the current Filter Policy Applied. Ideally this would allow a smoother deployment/review process without impacting users during normal day to day work functions.

5 days ago

Greg

Is there any update/potential for this to be moved into production?

Steve Staden

Greg: No update to share right now as it's not currently planned. However, can you elaborate on your use case just to understand the need on this one. Appreciate it.

Greg

Steve Staden .In the case of lesser than malicious sites like parked sites, or sites categorized as alcohol or gambling but there is not a hard requirement for the site to be blocked we would like to allow the user to have a warn page, proceed with caution, and monitor the activity instead of a hard block. Parked sites is still a very false positive ridden category so we would like to allow users to proceed through with a warning on parked sites categorized websites

Wiley

AI sites are under scrutiny now. Could we have a "Warning Page" with custom text reminding our users "Do not place PHI, PII, or any other sensitive information into any AI platform" such as ChatGPT.

This would only be applicable to AI driven sites, or a set list of sites.

Steve Staden

Wiley: That's a good idea, thanks for adding that feedback.

Steve Staden

Merged in a post:

Audit Mode

Sean Kearney

It would be great if we can have an 'audit mode' on our block policies. As an MSP, we have default blocklists (adult content, illegal, very new domains, etc), but often we find there is a bit of noise generated when deploying filtering to clients that haven't had it before, and don't have a great grasp on their IT needs (most of them). We find the block policies need a bit of refinement to stop impacting operations, and I would love a way to do this by deploying a block policy with an ideal configuration but in an audit mode so we can review the potentially blocked sites and add to an allowlist if needed, before impacting them and potentially degrading the service experience.

January 16, 2024

Steve Staden

Merged in a post:

Policy Audit mode

Euro

enable policy to be on without blocking users, to allow IT to make sure sites are whitelisted/categorized appropriately

December 8, 2023

Moody

Would also be nice to have the warning page served from a different set of IP's that those used for blocked requests so that automation and analysis tools can look at different metrics and better understand/act upon the returned data.

Steve Staden

Merged in a post:

Stop Sign

Michael

Would love if DNSFilter had an "Are You Sure" feature before moving forward on a page that could be blocked!

June 8, 2023

Mikey @DNSFilter

Thanks for the request Nate. You can already see all traffic in our Insights reporting engine and in the raw Query Log data. I suspect there is more to this request though. Please explain further.

Kier PW

^This :) It would be useful to have a 'Report' option so you can test the potential impact of Blocking a category, before actually blocking it.

→