Table of Contents
Advertisement
on the blacklist.
Using Wildcards in White and Blacklists
Entries made in the white and blacklists can make use of wildcarding to have a single entry be
equivalent to a large number of possible URLs. The wildcard character "*" can be used to
represent any sequence of characters.
For example, the entry *.example.com will block all pages whose URLs end with example.com.
If we want to now explicitly allow one particular page then this can be done with an entry in the
whitelist of the form my_page.example.com and the blacklist will not prevent this page from
being reachable since the whitelist has precedence.
Deploying an HTTP ALG
As mentioned in the introduction, an HTTP ALG object is brought into use by first associating it
with a service object and then associating that service object with an IP rule in the IP rule set. A
number of predefined HTTP services could be used with the ALG. For example, the http service
might be selected for this purpose. As long as the associated service is associated with an IP rule
then the ALG will be applied to traffic targeted by that IP rule.
With HTTPS, the traffic is encrypted and the HTTP ALG can therefore only perform two actions on
this traffic:
•
URL filtering.
•
Web content filtering.
This should be kept in mind when the service used with the ALG includes HTTPS (for example,
when using the http-all service).
Figure 6.2. HTTP ALG Processing Order
431
Chapter 6: Security Mechanisms
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
