D-Link DFL-200 Product Manual - Page 122

Appendix D: HTTP Content Filtering HTTP Content Filtering Global Policy Protection from malicious or improper web content is a must for Business owners and concerned parents alike. There are numerous vehicles for hackers to damage or take control of one's PC or even Network. Malicious code may be delivered in deviously crafted ActiveX controls, Java Scripts, cookies, or tainted file downloads. Many times executable (*.exe) files are laced with spy-ware or viral programs that become active and take over after the program is run for the first time. To help reduce the likelihood of malicious software reaching the PCs on the LAN or DMZ of the NetDefend Firewall, filtering of HTTP traffic can be customized and enabled. This filter can be configured to strip ActiveX objects (including flash), Java Applets, Visual Basic/Java Scripts, and or block cookies. In addition, a Whitelist is configurable to define URLs that will always be allowed. Conversely a Blacklist is provided to allow customizable filtering of websites, domains, and even file types based on file extension. All of the aforementioned filters function simultaneously (if enabled/configured) when HTTP content filtering is enabled. In order for HTTP content filtering to be performed, all HTTP traffic must pass-through an outbound policy utilizing the HTTP ALG. Due to this behavior content filtering can be applied to either LAN or DMZ interface simultaneously or independent of one another. Keep in mind that the content filtering specifications are global and will apply to every instance of a rule using the HTTP ALG. Two configurations need to be made in order to use HTTP Content Filtering: - The Whitelist and Blacklist must be customized to suit the desired filtering requirements. - HTTP traffic on an interface (LAN or DMZ) must be bound to a rule using the HTTP ALG. 122