Required components:

1. Deep Traffic Analysis Platform (DPI)

Advantages:

1) Easy to use:

• all rules are applied at one place: on DPI platform;
• the platform loads and applies rules from lists by itself.

2) Productivity:

• the list includes up to 4 billion URL records. Its representation in memory is compressed;
• up to 65000 web-lists;
• traffic capacity up to 400 Gbpds per one CPU;
• unlimited scaling by simple installation of additional servers;
• propagation delay is less than 30 μs.

3) Functionality:

• HTTP/HTTPS/QUIC protocols are supported for web filtering;
• URL for HTTP, SNI/CN for HTTPS/QUIC protocols;
• HTTP and HTTPS/QUIC traffic regardless of the service port being used;
• filtering for HTTP proxy is supported (including Opera Turbo/Mini);
• the software can consider or ignore the port number (i.e. block http://www.example.com and http://www.example.com:8080 together or separately);
• does not depend on IP address changes;
• redirection instead of blocking is supported for HTTP;
• incapsulation of VLAN, QinQ, MPLS is supported;
• support of asymmetric traffic routes, including processing of outbound traffic only;
• support of mirrored traffic;
• provides many other useful capabilities, unlike dedicated filtering solutions.

4) "Four nine's" reliability:

• works 24×7 with no breaks and service delays;
• uptime of the systems already installed is many months;
• the Bypass mode is supported to calm the operator.

5) Cost saving:

• DPI runs on a general purpose computer;
• support costs are almost zero - everything is automated;
• no need to waste money and time to develop and support own solution;
• a proxy hardware would cost much more to achieve the similar traffic capacity.