Appendix D: Http Content Filtering - D-Link DFL-200 - Security Appliance User Manual

Appendix D: HTTP Content Filtering

HTTP Content Filtering Global Policy
Protection from malicious or improper web content is a must for Business owners and
concerned parents alike. There are numerous vehicles for hackers to damage or take control
of one's PC or even Network. Malicious code may be delivered in deviously crafted ActiveX
controls, Java Scripts, cookies, or tainted file downloads. Many times executable (*.exe) files
are laced with spy-ware or viral programs that become active and take over after the program
is run for the first time.
To help reduce the likelihood of malicious software reaching the PCs on the LAN or DMZ
of the NetDefend Firewall, filtering of HTTP traffic can be customized and enabled. This filter
can be configured to strip ActiveX objects (including flash), Java Applets, Visual Basic/Java
Scripts, and or block cookies. In addition, a Whitelist is configurable to define URLs that will
always be allowed.
websites, domains, and even file types based on file extension.
filters function simultaneously (if enabled/configured) when HTTP content filtering is enabled.
In order for HTTP content filtering to be performed, all HTTP traffic must pass-through an
outbound policy utilizing the HTTP ALG. Due to this behavior content filtering can be applied
to either LAN or DMZ interface simultaneously or independent of one another. Keep in mind
that the content filtering specifications are global and will apply to every instance of a rule
using the HTTP ALG.
Two configurations need to be made in order to use HTTP Content Filtering:
- The Whitelist and Blacklist must be customized to suit the desired filtering requirements.
- HTTP traffic on an interface (LAN or DMZ) must be bound to a rule using the HTTP ALG.
Conversely a Blacklist is provided to allow customizable filtering of
122
All of the aforementioned