Interfaccia.exe

Login window.

Interfaccia.exe is your starting point when you have to make a configuration change, insert, modify, delete or view program data and logs.  Interfaccia.exe can be used to start and stop URLFilterService using an administrative account. The first window coming up is the login window. The default administrative program account is: user ADMIN password 1234.

1. program user;
2. password for program user;
3. login button;
4. language selector;
5. start and stop URLFilterService button.

Main window.

Once logged in the main window will appear. The main window contains five sections:

1. functions menu access;
2. actual service status;
3. active function;
4. active function data;
5. available operations for selected function.

Configure URLFilterService.

Before starting to use URLFilterService you must configure it. Let's start by selecting the external service ,update type and time. The available services are:

1.URLFILTERSERVICE

This is not an external data service. You can use this choice to build a custom list from scratch.

2.SHALLA SECURE SERVICES

"Shalla's Blacklists are free of charge for personal and partly for commercial usage. Anyway, commercial usage requires signing a usage contract. See our licence for details. Please contact info (at) shalla.de for information about gaining this contract.
Exception: If you plan to sell the lists or include them into a commercial software package you must obtain a written contract with Shalla Secure Services. The costs depend on the product.
Many people contributed to this lists. We are of the opinion that if free blacklists are used commercially the community who contributed to the lists for free should get something back: corrections and addons. That's just fair, isn't it?! ūüėČ "

3.UNIVERSITY OF TOULOUSE 1 CAPITOLE

"The Université Toulouse 1 Capitole propose a blacklist managed by Fabrice Prigent from many years, to help administrator to regulate Internet use. This database, often used in school, can be used with many commercial or free software. Be careful : this list should not be seen as a "to be block". It must be seen as a "web categorization" : some categories can be blocked or allowed, depending on your environment.."

Next choice is about logs type and about how many days you want to keep logged data:

1.DO NOT LOG

2.LOG DENIED REQUESTS ONLY

3.LOG ALL REQUESTS

"Service status" options are:

.Inactive  (filtering is disabled);

.Active  (filtering is active)

.Active, mandatory user (multi user filtering is active, see identita.exe help page)

"Block uncategorized url" is used to block sites that aren't listed in a category. While using it keep in mind that Internet is very huge and enabling this option will "cut off" the most part of it. This flag is global and, once set, override per user/ip flag.

"Block if unavailable" flag  controls IPC data exchange closing connections when there's no service reply or a timeout wait occurred.

"Interface message queues" are data queues for IPC. Max value for this flag is 10.

UrlFilterService MITB mode comes enabled by default. MITB mode supports only Microsoft EDGE and Internet Explorer; if you don't plan on using them it's better to disable this option to free some system memory. Max value for IPC MITB queues is 1000.

"Block images" and "Block javascript" are flags that extend Mime type filtering by setting a global  and generic rule on images and scripts. This options can be bypassed whitelisting trusted sites or urls.

"Disable HSTS" can be used to fight against a form of user tracking.  Read more on Wikipedia. Whitelist has no effect on this option.

"Remove referer" flag is used to remove the information about the page you're coming from when clicking on a link. Whitelist has no effect on this option.

"Spoof user agent" flag change the information about the identity the browser sends to website. User agent string can be used to track users: it contains information about the browser itself and the operating system it runs on. Whitelist has no effect on this option. Possible values are:

      • no value (the browser send its standard identifying string);
      • a string containing the spoofed user agent (example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0)
      • use # character to change the user agent string at every web request (this mode uses uastrings.txt located into UFS installation folder)
      • use #value as above to change¬† user agent string every value seconds (example: #60 to rotate string every sixty seconds).

 

"Disable Accept-Language" disable sending information about your native language to web sites. Whitelist has no effect on this option.

"Disable POST/PUT data" flag when enabled blocks sending data from your browser to web sites. Once enabled almost any site that require authentication will stop working. Web sites collect informations about users executing scripts that send the data back using HTML POST and PUT commands.   Disable javascript and post/put data to achieve a better privacy on the web. Whitelist has no effect on this option.

 

 

 

UrlFilterService DNS sinkhole comes disabled by default. DNS sinkhole works as a DNS server and can filter requests on your local network for mostly any kind of network device (smartphones, tablets, smart tvs, game consolles, routers and computers).

UFS DNS filter  enhance your privacy with DNS over HTTPS.

urlfilterservice.exe needs to be allowed to public and private network communications in your antivirus and/or firewall for dns sinkhole functionality to work properly.

"Max concurrent connections" flag value of 128 must be more than enough for almost any local network. Max value for this flag is 65536.

"Listen on a specific IP" flag sets the binding address. use #number to modify listening port (example: 127.0.0.1#36363 to listen for requests on port 36363 of IPV4 loopback address). Both IPV4 and IPV6 addresses are supported.

"External dns resolvers" sets the external resolvers.  Use ip#443 to switch to dns over https resolvers (works only with Cloudflare and Quad9), or ip#any_other_number to change default server port (53). Both IPV4 and IPV6 addresses are supported.