Cookie Filter
Overview
Cookie Filter allows you to choose which hosts(websites), the browsers are allowed to send and receive the cookies.
An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored in the user's web browser while the user is browsing.
You can control the cookie exchange precisely, between remote websites and users.
You can manage the user privacy (Username & Preferences).
You can also disable the users from logging into their personal accounts.
Example: You can block cookies from advertising websites like tribalfusion.com and doubleclick.net to prevent private information from being transferred to them.
And users able to query the search engines (google, yahoo) but they are not able to login to their personal accounts (Gmail, shopping websites, trading websites).
Enabling Cookie filter section on SafeSquid User Interface
Access SafeSquid interface
Go to configure page
Global
Enabled
Enable or Disable cookie filtering section.
TRUE: Enable cookie filtering section.
FALSE: Disable cookie filtering section.
Policy
Select the default action to take, when no matching entry for a requested cookie is found.
ALLOW: When Policy is set to Allow, a requested cookie is allowed, when no matching entry is found.
DENY: When Policy is set to Deny, a requested cookie is denied, if no matching entry is found.
Allow
When the Policy is Deny, rules defined under this sub-section, are exclusively allowed access.
Here you can add a new allow entry, that would explicitly result in acceptance or allowance of cookie transfer to all or specific set of conditions.
This effectively allows you set a variety of intelligently and creatively defined Cookie Transfer whitelist(s).
Enabled
Enable or Disable this entry
TRUE: Enable this entry.
FALSE: Disable this entry.
Comment
For documentation, and future references, explain the relevance of this entry with your policies.
Profiles
Specify the Profiles applicable for this entry.
This entry will be applicable only if the connection has any one of the specified profiles.
Leave it Blank, to apply for all connections irrespective of any applied profile.
To avoid application to a connection that has a profile, use negated profile (! profile).
Expiry year range
Mention the cookie expiry year range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: 2016-2017, here cookie will expire after year 2017.
Expiry month range
Select cookie expiry month range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: January – March, here cookie expires after March.
Expiry day range
The cookie expiry day range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: 1-20, here cookie will expire after 20th day.
Expiry weekday range
The cookie expiry weekday ranges this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: Monday – Friday, here cookie will expire after Friday.
Expiry hour range
The cookie expiry hour ranges this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: 1-10, Here cookie will expire after 10 AM.
Expiry minute range
The cookie expiry minute range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: 15-30, Here cookie will expire after 10:30 AM.
In the above example, Hours are included from Hour range.
Domain
Here you can mention the domain (website) names by separating with pipe (|) which you want to allow or deny. You can use regular expression to match the domains.
Example: safesquid.com|google.com.
Path
A regular expression matching the cookie's path attribute.
Direction
The direction of the cookie this entry applies to; can be either in (Set-cookie sent by website), out (Cookie sent by browser), or both.
IN: For Inbound Connections only. That is only for the cookies sent by the hosts(websites).
OUT: For Outbound Connections only. That is only for the cookies sent by the browser.
BOTH: For Both Inbound and Outbound connections. For cookies sent by the websites as well as cookies sent by the browser.
Time match mode
Select the appropriate mode to match the multiple time ranges.
ABSOLUTETIME:
When the absolute time match mode is used, any time between the starting and ending time will be match.
Example: Weekday range specified is Monday to Friday and Hour Range is 9 to 17.
The Absolute match mode will match any time starting Monday, 9 AM and ending Friday, 17 PM.
So, it will be active from Monday 9 AM to Friday 5 PM.
ALLRANGES:
With all ranges time match mode however, a time within all of the ranges will match.
Example: Weekday range specified is Monday to Friday and Hour Range is 9 to 17.
All ranges will match any time between 9 AM to 17 PM, on all weekdays from Monday to Friday.
So, it will be active every day from Monday to Friday between 9 AM to 5 PM.
Example
Rule#1
I want to allow cookie filtering for connections with profile “COOKIE ALLOW”. Users who require access to log in webpages and personal account need cookie access. We can use cookie -> Allow sub section to allow Cookies
Rule#2
I want to allow cookie for domain safesquid.com Despite the deny rule, connections to domain safesquid.com will not drop cookie This can be used in a situation where login is required for mission critical application.
Deny
When the Policy is Allow, rules defined under this sub-section, are exclusively denied access.
Here, you can add rules under Deny that would explicitly result in blocking or denial of cookie transfer to all or specific set of conditions.
This effectively allows you to set a variety of intelligently and creatively defined Cookie Transfer Blacklist(s).
Enabled
Enable or Disable this entry
TRUE: Enable this entry.
FALSE: Disable this entry.
Comment
For documentation, and future references, explain the relevance of this entry with your policies.
Profiles
Specify the Profiles applicable for this entry.
This entry will be applicable only if the connection has any one of the specified profiles.
Leave it Blank, to apply for all connections irrespective of any applied profile.
To avoid application to a connection that has a profile, use negated profile (! profile).
Expiry year range
Mention the cookie expiry year range this entry applies to
The cookie from a particular host (website), will be expired after this range.
Example: 2016-2017, here cookie will expire after year 2017.
Expiry month range
Select cookie expiry month range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: January – March, here cookie expires after March.
Expiry day range
The cookie expiry day range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: 1-20, here cookie will expire after 20th day.
Expiry weekday range
The cookie expiry weekday ranges this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: Monday – Friday, here cookie will expire after Friday.
Expiry hour range
The cookie expiry hour ranges this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: 1-10, Here cookie will expire after 10AM.
Expiry minute range
The cookie expiry minute range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example: 15-30, Here cookie will expire after 10:30AM.
In the above example, Hours are included from Hour range.
Domain
Here you can mention the domain(website) names by separating with pipe (|) which you want to allow or deny. You can use regular expression to match the domains.
Example: safesquid.com|google.com
Path
A regular expression matching the cookie's path attribute.
Direction
The direction of the cookie this entry applies to; can be either in (Set-cookie sent by website), out (Cookie sent by browser), or both.
IN: For Inbound Connections only. That is only for the cookies sent by the hosts(websites).
OUT: For Outbound Connections only. That is only for the cookies sent by the browser.
BOTH: For Both Inbound and Outbound connections. For cookies sent by the websites as well as cookies sent by the browser.
Time match mode
Select the appropriate mode to match the multiple time ranges.
ABSOLUTETIME:
When the absolute time match mode is used, any time between the starting and ending time will be match.
Example: Weekday range specified is Monday to Friday and Hour Range is 9 to 17.
The Absolute match mode will match any time starting Monday, 9 AM and ending Friday, 17 PM.
So, it will be active from Monday 9 AM to Friday 5 PM.
ALLRANGES:
With all ranges time match mode however, a time within all of the ranges will match.
Example: Weekday range specified is Monday to Friday and Hour Range is 9 to 17.
All ranges will match any time between 9 AM to 17 PM, on all weekdays from Monday to Friday.
So, it will be active every day from Monday to Friday between 9 AM to 5 PM.
Example
Rule#1
Default rule for dropping cookies used by SafeSquid.
Connections with profile "READ ONLY" will ensure users are unable to login.
Cookie sent in both directions are dropped.
Rule#2
Connections with profile “DROP COOKIES FOR GOOGLE” will drop all cookies for domain google.com.
Cookies will be dropped for both incoming and outgoing requests.
Related Articles
Header Filter
Overview Control how the SafeSquid modifies the HTTP header messages exchanged between your Internet Clients like web browsers and the requested web service. You can add a new header directive, delete a header directive or modify an existing header ...Integration of LDAP
Integration of LDAP Here I am integrating my Active Directory with following information. Active Directory FQDN: ad.safesquid.test IP Address: 192.168.221.1 User Name: administrator@safesquid.test Domain of Active Directory: safesquid.test Basedn : ...Image analyzer
Overview Use this section to prevent the users viewing pornographic image content. This section allows you to block inappropriate images by analysing the graphical content of an image, in real time. The default template replaces the blocked image ...Caching
Overview Allows you to add/remove cache stores, and configure: Global cache options. What objects are cacheable or un-cacheable? How cacheable objects are distributed between various stores? Minimum and maximum size of the objects to be stored. ...Access restrictions
Overview Use Access Restriction to Allow/Deny access to SafeSquid's service for specific user/user groups. Allows you to specify the Access rights for various users and to profile the users into user groups for being uniquely processed in other ...