Table of Contents
Advertisement
Specific URLs can be blacklisted so that they are not accessible. Wildcarding can be used
when specifying URLs, as described below.
ii.
URL Whitelisting
The opposite to blacklisting, this makes sure certain URLs are always allowed.
Wildcarding can also be used for these URLs, as described below.
It is important to note that whitelisting a URL means that it cannot be blacklisted and it
also cannot be dropped by web content filtering (if that is enabled, although it will be
logged). Anti-Virus scanning, if it is enabled, is also not applied to HTTP traffic from a
whitelisted URL.
This feature is described further in Section 6.3.3, "Static Content Filtering".
Blocking/Allowing Filetypes with an IP Policy
Instead of allowing or blocking certain filetypes using an ALG, it is possible to enable file control
as an option on an IP Policy object. This provides a more direct method of activation which can
be combined with the other options available in an IP policy such as anti-virus scanning and
traffic shaping.
To enable file control on an IP Policy object, the following steps are required:
•
Create a File Control Profile object which specifies which file control actions to take.
•
Assign the File Control Profile object to the File Control property of an IP Policy object that
filters the targeted traffic. Note that Service property of the IP Policy must be set to a service
that has its Protocol property set to the relevant protocol (for example, HTTP).
Allow Unknown Protocols
An IP Policy object has an ALG related property called Allow Unknown Protocols which can be set
when the Service object is set for HTTP or HTTPS. This property is disabled by default which
means that any connection using a protocol that NetDefendOS does not recognize as HTTP or
HTTPS will be dropped. This setting can be enabled to allow these connections with a protocol
that is not recognizable as HTTP.
IP policies are described further in Section 3.6.7, "IP Policy".
The Ordering for HTTP Filtering
HTTP filtering obeys the following processing order and is similar to the order followed by the
SMTP ALG:
1.
Whitelist.
2.
Blacklist.
3.
Web content filtering (if enabled).
4.
Anti-virus scanning (if enabled).
As described above, if a URL is found on the whitelist then it will not be blocked if it also found
430
Chapter 6: Security Mechanisms
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
