D-Link DFL-210-WCF-12 Product Manual - Page 293
Static Content Filtering, Additionally, Static Content Filtering takes place
UPC - 790069601545
View all D-Link DFL-210-WCF-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 293 highlights
6.3.3. Static Content Filtering Chapter 6. Security Mechanisms Removing such legitimate code could, at best, cause the web site to look distorted, at worst, cause it to not work in a browser at all. Active Content Handling should therefore only be used when the consequences are well understood. Example 6.13. Stripping ActiveX and Java applets This example shows how to configure a HTTP Application Layer Gateway to strip ActiveX and Java applets. The example will use the content_filtering ALG object and presumes you have done one of the previous examples. Command-Line Interface gw-world:/> set ALG ALG_HTTP content_filtering RemoveActiveX=Yes RemoveApplets=Yes Web Interface 1. Go to Objects > ALG 2. In the table, click on our HTTP ALG object, content_filtering 3. Check the Strip ActiveX objects (including flash) control 4. Check the Strip Java applets control 5. Click OK 6.3.3. Static Content Filtering Through the HTTP ALG, NetDefendOS can block or permit certain web pages based on configured lists of URLs which are called blacklists and whitelists. This type of filtering is also known as Static Content Filtering. The main benefit with Static Content Filtering is that it is an excellent tool to target specific web sites, and make the decision as to whether they should be blocked or allowed. Static and Dynamic Filter Ordering Additionally, Static Content Filtering takes place before Dynamic Content Filtering (described below), which allows the possibility of manually making exceptions from the automatic dynamic classification process. In a scenario where goods have to be purchased from a particular on-line store, Dynamic Content Filtering might be set to prevent access to shopping sites by blocking the "Shopping" category. By entering the on-line store's URL into the HTTP Application Layer Gateway's whitelist, access to that URL is always allowed, taking precedence over Dynamic Content Filtering. Wildcarding Both the URL blacklist and URL whitelist support wildcard matching of URLs in order to be more flexible. This wildcard matching is also applicable to the path following the URL hostname which means that filtering can be controlled to a file and directory level. Below are some good and bad blacklist example URLs used for blocking: *.example.com/* Good. This will block all hosts in the example.com domain and all web pages served by those hosts. www.example.com/* Good. This will block the www.example.com website and all web pages served by that site. 293