Pass-By Filtering Appliance

Pass-By filtering is a system used by large organisations and ISPs who wish to introduce filtering policies for users and offers a high level of flexibility and granularity.

It has the advantage of having no affect on the performance of the network due to the way it inspects traffic without breaking the data stream - unlike proxy servers.  A typical installation would connect the filtering server to a mirrored port of a switch in the target network so that it can see the traffic through the switch. The filter is then able to monitor requests for web sites and block those that are required by the chosen profile.

A number of servers can normally be connected to the mirrored port via a hub or a load balancer to scale the filters for large networks where they exceed the capacity of a single filtering appliance. 

An example of this technology is the Marshal8e6 R3000.