ComSifter Operation

Network Flow Diagram

Network Flow
  1. Client/User requests a web site (Path 1).
  2. ComSifter queries Client/User for identification (username) (Path 4).
  3. Identd on Client/User responds with username (Path 1).
  4. ComSifter looks up username in database and determines filter to be applied to page.
  5. ComSifter checks internal cache for page. If locally cached, ComSifter goes to step 8.
  6. If not locally cached, ComSifter requests page from Internet (Path 2).
  7. Page is retrieved from Internet (Path 3).
  8. If clean, ComSifter serves page to Client/User (Path 4). If not clean, ComSifter sends "Access Denied" page (Path 4).

How ComSifter Filters

Two levels of filtering insure that ComSifter will stop inappropriate content:

  1. ComSifter first checks the requested domain/URL against its Exception IP List to see if the site is excepted.
  2. Next ComSifter checks the domain/URL against it Exception Site list to see if it is excepted.
  3. Next ComSifter checks the domain/URL against its blacklist. The list has over 500,000 entries— categorized by content.
  4. ComSifter then loads the complete page into memory and scans every word on the page. It then applies the CSphrase Filter Technology to determine if the page is acceptable or not.
  5. If acceptable, the page is sent to the requesting computer.
  6. If the page is deemed unacceptable, the “Access Denied” page is sent to the requesting computer.

Filtering Order of Precedence

Following is the Order of Precedence ComSifter uses when filtering. ComSifter will process the first rule that matches. Once a rule has matched ComSifter stops rule processing.

An example would be a download ban of all EXE files. EXE would be entered in the appropriate Banned Extension List. However, you would like to allow users to download from a trusted site. If that site were placed in the Exception Site List then the rule would stop when it matched in the Exception Site List.

  1. Bypass Computer
  2. Bypass User
  3. Hours of Operation
  4. Full Exception Domain List
  5. Full Exception URL List
  6. Blanket Block
  7. Blocked Computer
  8. Blocked User
  9. Banned URL List
  10. Blanket IP Block
  11. Banned Domain List
  12. Banned MIME List
  13. Banned Extension List
  14. CSphrase Filter Exception Words/Phrases
  15. CSphrase Filter Banned Words/Phrases
  16. CSphrase Filter Weighted Words/Phrases

CSPhrase™ Filter Technology

Blacklists are very effective if the offending web site is known. Hundreds of new sites catering to pornography and other inappropriate content are added to the Internet weekly.

To insure that these sites are blocked—until they can be added to the Blacklist—ComSifter uses CSphrase Filtering technology. CSphrase Filtering scans and assigns a numeric weight to each word on the requested page. Appropriate words are assigned a negative value while inappropriate words are assigned a positive value. ComSifter then adds these weights together and derives a value for the page. This value is then compared with the Sensitivity threshold described in Filter Setup. If the threshold is exceeded, the page is denied. If the threshold is not exceeded, the page is displayed.

An example of this in action is a search engine search for nude breasts. The page will be denied, as it brings up multiple pornographic sites and the threshold is exceeded.

A search on the phrase breast cancer is not blocked. The good words found on the page modify the bad words—allowing the page to be displayed.


CSphrase Filtering is biased to “not show the page if in doubt.” This reduces the chance that web users will be exposed to inappropriate content.

As a result of this bias, there may be cases where a user believes they have entered a very safe query but the page is blocked. If so, a more defined search may bring better results. Using the example above, a search on breast cancer will yield better results than breast. Even better would be breast cancer research.