Modern user entities have become accustomed to ready access to the Web. With this widespread access and the variety of services available therewith, networked entities may use Quality of Service (QoS) based Web filtering to control their Web traffic. Web filtering typically operates by permitting or denying to a requestor access to a web site according to an identity or category associated therewith. Web filtering functions are typically performed with an external server, e.g., one that has little or no role in actual network access control functions, such as routing and switching, providing a firewall and related networking functions.
With finite bandwidth and the fact that some permitted websites, Web services, etc. may be more significant to an entity than others, QoS based Web filtering is performed to facilitate connectivity to websites that may be more significant to the entity than others. For example, a network entity may have a partnership or a similar enterprise relationship with one or more critical website partners. Ensuring connectivity with critical partners typically has a higher priority for the entity than for other websites that, while permitted, may be less significant to the operations of the entity.
Typical Web filtering solutions are implemented with a pass-through model. Clients' requests for Web pages pass through a network access control device (NACD) such as a firewall, proxy server, caching device, router, network switch, gateway or the like. Special agents running thereon communicate with a Web filtering server.
Upon receipt of a Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Hypertext Transfer Protocol Secure (HTTPS), or other request for a webpage, the NACD queries a Web filtering server to ascertain whether the request should be permitted or denied. The Web filtering server then checks a policy assigned to the client making the request, makes a permit/deny decision accordingly. The Web filtering server sends a response corresponding to its permit/deny decision back to the NACD. An identifier representing a Web filtering related category associated with the requested site can be included. The NACD enforces the permit/deny decision with an action to allow or block the requestor's access to the requested website.
However, conventional web filtering solutions provide a simple binary granularity: a website is either permitted or blocked. The NACDs with Web filtering agents are typically implemented in the path between a client and servers on the network to which the client requests access. The Web filtering servers generally reside in an internal network segment that is accessible to the NACDs. Upon a HTTP or other request for a Universal Resource Locator (URL), conventional web filtering servers ascertain whether that URL is permissibly accessible to that user, or whether that user's requested access thereto should be blocked. The web filtering servers do not readily take the significance of the website to the entity into account.
To take the significance of the website to the entity into account, some conventional web filtering solutions attempt to control web access based on factors such as bandwidth and time usage. This however can add complexity and delay because it can require the implementation of a monitoring and enforcing mechanism in the network on top of (e.g., functional with, controlled by, etc.) the conventional web filtering function itself. Moreover, such conventional approaches do not integrate with existing and widely used networking prioritizing mechanisms such as Quality of Service (QoS) and can be prone to performance and scalability limitations.