Enabling Web Content Filtering Using Ip Rules - D-Link NetDefendOS User Manual

• Allow
If the external WCF database is not accessible, URLs are allowed even though they might be
disallowed if the WCF databases were accessible.
Example 6.21. Enabling Web Content Filtering Using IP Rules
This example shows how to set up web content filtering for HTTP traffic from a protected
network to all-nets. It will be configured to block all search sites, and it is assumed that there is
using a single NAT IP rule controlling HTTP traffic.
Note that this example configures filtering using an IP Rule object. It could also be done with an
IP Policy object and a second example is given later which does this.
Command-Line Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
gw-world:/> add ALG ALG_HTTP content_filtering
Then, create a service object using the new HTTP ALG:
gw-world:/> add Service ServiceTCPUDP http_content_filtering Type=TCP
Finally, modify the NAT rule to use the new service. Assume rule is called NATHttp:
gw-world:/> set IPRule NATHttp Service=http_content_filtering
Web Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
1. Go to: Objects > ALG > Add > HTTP ALG
2. Specify a suitable name for the ALG, for example content_filtering
3. Click the Web Content Filtering tab
4. Select Enabled in the Mode list
5. In the Blocked Categories list, select Search Sites and click the >> button.
6. Click OK
Then, create a service object using the new HTTP ALG:
1. Go to: Local Objects > Services > Add > TCP/UDP service
2. Specify a suitable name for the Service, for example http_content_filtering
3. Select TCP in the Type list
WebContentFilteringMode=Enabled
FilteringCategories=SEARCH_SITES
DestinationPorts=80
ALG=content_filtering
511
Chapter 6: Security Mechanisms