IPS´ (Intrusion Prevention System) solutions can constrain Internet traffic based on location and content filtering as following: Geolocation. Content filter within search engine Content filter on Youtube In this project, the IPS we rely on is part of a SASE (Secure Access Service Edge) solution deployed inline with the client(s). Then the Internet traffic from the brach is monitored as shown at the topology: In terms of geolocation, when an user requests access for a website hosted in a “forbidden” country, the policies are responsible for blocking that content by the use of firewall rules. Then the so called outbound traffic is filtered from the POP (Point Of Presence) the IPS´ SASE client is connected to. The opposite direction can be filterd as well. The inbound traffic usually refers to an user located in the undesirable country (i.e. Russia, Iran, North Korea etc). An useful exception applies when that user is actually an employee trying to access his/her own company´s resources. In this case, an SDP (Software-Defined Perimeter) user is recommended to be used so we can have a bypass rule. Eventhough geolocation is not enough when the “forbidden” country related website is not hosted in there. Then we should complement the configuration with a TLD (Top-Level Domain) rule as .ru, .ir or .kp suffixes. The following shows an example of a russian website access attempt that generates 3 events. The first one refers to TLS inspection that occurs by default when that traffic flows through the POP where the SASE client is connected to, so no malicious content can reach that user. Then 2 requests generate events: the main HTML page and favicon asset that is usually sent apart for browser´s efficiency reasons. Then, no access to that content is allowed, which provides a restriction message in the browser. When it comes to content filter throughout search engine (i.e. Google), if the website falls under a forbidden content, it won´t be accessible by the search engine results. Some of the built-in categories are: gamble, weapons, alcohol, nudity and cults. For testing purposes, when we search “Fortune Tiger” on google, some websites are suggested and those bring their preview descriptions. However, by clicking on any of them, we get an ERR_EMPTY_RESPONSE message in return. P.S. pay further attention on the URL. That means it´s request comes from a Google search. But… when the same website is requested by the browser in a straight forward manner, we get a warning, instead of blocking, from the SASE solution. Enabling content filter for Youtube usually brings high rates of false posite and also false negatives because it relies on a contextual analysis from the SASE solution which is not as accurate as the one from humans. Beside that, analysing videos is much harder than analysis text from a non human point of view. In the first case, to the left a SASE client searches for “Gamble” on Youtube and soon we get a “Some results have been removed because Restricted Mode was enabled by your network administrator” note just above the results. Eventhough, we have a card game video as one of the suggestions. On our right, a regular user searches the same (by utilizing the identical Youtube account) at the same time and we have different video recommendations. In the second case, Bet Poker TV channel brings no Short videos for SASE client on the left. To the righ, a regular user is content served by the same scenario. In the third case, once again, different results for SASE client (to the left) versus regular user (to the right) regarding Youtube search for videos about beer.