Skip to main content
Altostrat’s DNS Content Filtering service empowers you to enforce your organization’s acceptable use policy by blocking access to websites and online applications based on their content category. When a site is assigned a content filtering policy, all DNS queries from its network are intercepted by Altostrat’s secure resolvers. If a user tries to access a domain that falls into a blocked category, the request is denied at the DNS level, preventing them from ever reaching the site.

Key Capabilities

Category-Based Blocking

Block entire categories of content, such as Adult, Gambling, Social Media, or Malware, with a single click. Our categories are continuously updated to include new and emerging sites.

SafeSearch Enforcement

Force all Google and Bing searches to use their strictest “SafeSearch” setting and enable YouTube’s “Restricted Mode” at the network level, overriding any user or browser settings.

Custom Allow & Block Lists

Gain granular control by creating custom lists of domains to always allow (whitelist) or always block (blacklist), which take precedence over category rules.

Filter Evasion Protection

Block access to known anonymizer proxies, public VPNs, and other tools commonly used to bypass content filters, ensuring your policies remain effective.

Phase 1: Creating a Content Filtering Policy

A policy is a reusable template of rules. First, you create the policy, and then you apply it to one or more sites.
1

1. Navigate to Content Filtering Policies

In the SDX dashboard, go to Policies → Content Filtering. Click + Add to begin creating a new policy.
2

2. Configure Your Policy

Give your policy a descriptive Name (e.g., “Guest Network Restrictions”). Then, configure the rules:
  • Categories: Check the boxes for any content categories you wish to block.
  • Safe Search: Enable the toggles to enforce SafeSearch and YouTube Restricted Mode.
  • Allow List / Block List: Add any specific domains you need to explicitly allow or deny.
Click Add to save the policy.

Phase 2: Applying the Policy to a Site

A policy has no effect until it is assigned to a site.
  1. Navigate to the Sites page and select the site where you want to apply the filter.
  2. In the site’s settings or overview page, find the Content Filter Policy section.
  3. Select your newly created policy from the dropdown menu and save the changes.
Altostrat will now orchestrate the necessary changes on the device. Allow a few moments for the policy to take effect.

Managing Existing Policies

To edit or delete a policy, navigate back to Policies → Content Filtering.
  • To Edit: Click on the policy name, make your changes, and save. The updates will automatically apply to all assigned sites.
  • To Delete: Click the trash can icon next to the policy.
Deleting a policy will remove filtering from all sites it is assigned to. If you only want to stop filtering on a specific site, navigate to that site’s settings and un-assign the policy instead.

Best Practices

Start Conservatively

Begin by blocking only essential categories like Malware, Phishing, and Adult Content. Monitor usage and refine your policy over time based on your organization’s needs.

Use Separate Policies

Create different policies for different network segments. For example, a stricter policy for a guest network and a more lenient one for the corporate LAN.

Layer Your Security

DNS Filtering protects against unwanted content. Combine it with BGP Threat Mitigation to also block known malicious IP addresses at the network layer.