Understand the Internet Watch Foundation Content Category

Available Languages

Download Options

  • PDF     (29.7 KB)
    View with Adobe Reader on a variety of devices
Updated:October 1, 2025
Document ID:225112

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the Internet Watch Foundation (IWF) content filtering category in Cisco Umbrella.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Components Used

    The information in this document is based on Cisco Umbrella.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Overview

    As part of Cisco Umbrella's commitment to providing the best possible Internet security and filtering, this article introduces a category of content filtering to Umbrella: the Internet Watch Foundation (IWF).

    The  IWF is a UK-based charitable organization whose mission is the elimination of child sexual abuse images online. The IWF maintains a list of blocked web pages to prevent internet users from accidentally finding child sexual abuse content. They supply partners with an accurate and current URL list to enable blocking of child sexual abuse content. Umbrella is adopting their list as a category that can be blocked in Umbrella. Read more about the work the IWF is doing.

    Enable the IWF Category

    The IWF's list is comprised of both domains and URLs. This means that some entries on the list can simply be blocked using our standard DNS-based block list technology, whereas the URL-specific blocks requires that Umbrella's intelligent proxy is enabled. In order to block all the sites contained within the IWF content category, you are required to enable the intelligent proxy within your policies.

    The intelligent proxy is explained in the Umbrella documentation. Essentially, it enables the ability to filter certain URLs as determined by our cloud-based proxy. By selectively and intelligently proxying certain traffic, Umbrella is able to easily filter the URL list from the IWF without slowing down or bottlenecking the speed of your Internet.

    note-icon

    Note: The intelligent proxy and the IWF content category are only available to customers with certain Umbrella packages. The IWF content category and the Intelligent Proxy are also available to MSPs providing the "Umbrella for MSPs" package to their customers, and for any current Guest Wi-Fi/Secure hotspot package users (Roaming/branch/WLAN ). If you do not see the Internet Watch Foundation (IWF) category listed in your Category Settings, please contact your account manager for this additional feature.

    Configure the Internet Watch Foundation as a Content Category for Blocking

    To set up IWF as a content category for blocking:

    1. Enable Umbrella's intelligent proxy in your policies. The intelligent proxy is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains.

    2. Navigate to Policies > Management> DNS Policies > Category Settings.

    3. In the list of Categories to Block, select Internet Watch Foundation and save your update.

    Test the IWF Category and View Reports

    1. Umbrella set up a test domain to allow you to ensure that you have correctly configured your policies for the relevant identities that can have the URLs on the IWF list blocked. The test domain is http://proxy.opendnstest.com/iwf.htm.

    • If your identities and policies are correctly configured, you can receive a block page as you can for any other content category block. The block page appearance can vary based on your configuration. 

    2. If you do not see a block page, check to ensure that the identity that you are testing with is correctly applied to the appropriate policy.

    • If you see a page indicating you are not using the intelligent proxy, check your policies to ensure the intelligent proxy is enabled.
    • If it is enabled but the IWF content category is not set to block, you can receive a page showing the text "IWF." In that case, please check to ensure the content category is enabled in your policies. 

    3. Once you tested it and you would like to check out your reports, apply a filter against a search in the Activity Search report:

    IWF Category For Filtering115014821466

    4. Your results can show any attempts made against our test page in the results. 

    5. If you are not seeing the appropriate block page when testing, or if the results of your tests are not appearing in your search, please contact Cisco Umbrella Support.

    Revision History

    Revision Publish Date Comments
    1.0
    01-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products