Using The Light Weight Http Alg - D-Link NetDefendOS User Manual

• URL verification is not supported.
User Agent Filtering
The User-Agent field of the HTTP protocol identifies the client software that is involved in the
HTTP interaction. For many HTTP interactions this is a web browser. For example, the User-Agent
field generated by the Firefox™ browser might look like the following:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
The network administrator may want to deny or allow certain web browsers or browser versions
because they pose a security risk or because others are preferable.
The LW-HTTP ALG examine the User-Agent field as the traffic traverses the firewall and then only
allow or deny access to agents which match a specified string. This is configured by attaching
one or more User-Agent Filter objects as children to a parent LW-HTTP ALG object. Each filter
object specifies a single string and the filter will trigger if the string matches a connection's
User-Agent field. The behavior when it triggers is determined by the User-Agent Filter Mode
property of the parent LW-HTTP ALG object and this can have one of two values:
• Deny Selected - Only the agents specified by the filter(s) will be denied. All other agents will
be allowed. This is the default.
• Allow Selected - Only the agents specified by the filter(s) will be allowed. All other agents
will be denied.
As can be seen from the agent example above for Firefox, the entire agent string can be long. It is
therefore better when specifying the agent string in a filter to use wildcards. The following
wildcards can be used:
• The asterisk "*" character represents any string.
• The question mark "?" character represents any single character.
For example, if only Firefox browser was to be allowed, a single filter could be specified with the
following string:
When a User-Agent is blocked, NetDefendOS sends a predefined web page to the client's browser
to alert them that this has happened. This page is not editable by the administrator at this time.
Note: Specifying no filters means all agents will be allowed
If no User Agent Filter objects are added to an LW-HTTP ALG object then all
User-Agents will be allowed.
Example 6.2. Using the Light Weight HTTP ALG
This example shows how to set up a Light Weight HTTP (LW-HTTP) ALG for clients that are surfing
the web using HTTP from a protected network to the public Internet. It will be configured to
allow only the Firefox and Chrome browsers (all other browsers will be denied). In addition,
protocol upgrading will be allowed.
*Firefox/*
433
Chapter 6: Security Mechanisms