Static Content Filtering - D-Link NetDefendOS User Manual

• Cookies
• Invalidly formatted UTF-8 Characters (invalid URL formatting can be used to attack web
servers)
The object types to be removed can be selected individually by configuring the corresponding
HTTP Application Layer Gateway accordingly.
Example 6.19. Stripping ActiveX and Java applets
This example shows how to configure a HTTP Application Layer Gateway to strip ActiveX and
Java applets. The example will use the content_filtering ALG object and assumes one of the
previous examples has been done.
Command-Line Interface
gw-world:/> set ALG ALG_HTTP content_filtering
Web Interface
1. Go to: Objects > ALG
2. In the table, click on the HTTP ALG object, content_filtering
3. Check the Strip ActiveX objects (including flash) control
4. Check the Strip Java applets control
5. Click OK

6.3.3. Static Content Filtering

URL Filtering
Through the HTTP ALG, NetDefendOS can block or permit certain web pages based on
configured lists of URLs which are called blacklists and whitelists. This type of filtering is also
known as Static Content Filtering. The main benefit with Static Content Filtering is that it is an
excellent tool to target specific web sites, and make the decision as to whether they should be
blocked or allowed.
Caution: Consider the consequences of removing objects
Careful consideration should be given before enabling removal any object types from
web content. Many web sites use Javascript and other types of client-side code and in
most cases, the code is non-malicious. Common examples of this is the scripting used to
implement drop-down menus as well as hiding and showing elements on web pages.
Removing such legitimate code could, at best, cause the web site to look distorted, at
worst, cause it to not work in a browser at all. Active Content Handling should therefore
only be used when the consequences are well understood.
RemoveActiveX=Yes
RemoveApplets=Yes
504
Chapter 6: Security Mechanisms