D-Link DFL-800-AV-12 User Manual - Page 170
Static Content Filtering, Additionally, Static Content Filtering takes place
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 170 highlights
6.3.3. Static Content Filtering Chapter 6. Security Mechanisms Example 6.13. Stripping ActiveX and Java applets This example shows how to configure a HTTP Application Layer Gateway to strip ActiveX and Java applets. The example will use the content_filtering ALG object and presumes you have done one of the previous examples. CLI gw-world:/> set ALG ALG_HTTP content_filtering RemoveActiveX=Yes RemoveApplets=Yes Web Interface 1. Go to Objects > ALG 2. In the grid, click on our HTTP ALG obejct, content_filtering 3. Check the Strip ActiveX objects (including flash) control 4. Check the Strip Java applets control 5. Click OK 6.3.3. Static Content Filtering NetDefendOS can block or permit certain web pages based on configured lists of URLs which are called blacklists and whitelists. This type of filtering is also known as Static Content Filtering. The main benefit with Static Content Filtering is that it is a excellent tool to target specific web sites, and make the decision as to whether they should be blocked or allowed. Static and Dynamic Filter Ordering Additionally, Static Content Filtering takes place before Dynamic Content Filtering (described below), which allows the possibility of manually making exceptions from the automatic dynamic classification process. In a scenario where goods have to be purchased from a particular on-line store, Dynamic Content Filtering might be set to prevent access to shopping sites by blocking the "Shopping" category. By entering the on-line store's URL into the HTTP Application Layer Gateway's whitelist, access to that URL is always allowed, taking precedence over Dynamic Content Filtering. Wildcarding Both the URL blacklist and URL whitelist support wildcard matching of URLs in order to be more flexible. This wildcard matching is also applicable to the path following the URL hostname which means that filtering can be controlled to a file and directory level. Below are some good and bad blacklist example URLs used for blocking: *.example.com/* www.example.com/* */*.gif www.example.com *example.com/* Good. This will block all hosts in the example.com domain and all web pages served by those hosts. Good. This will block the www.example.com website and all web pages served by that site. Good. This will block all files with .gif as the file name extension. Bad. This will only block the first request to the web site. Surfing to www.example.com/index.html, for instance, will not be blocked. Bad. This will also cause www.myexample.com to be blocked since it blocks all sites ending with example.com. 170