Reclassifying A Blocked Site - D-Link NetDefendOS User Manual

be logged. This page is known as the restricted site notice. The user is then free to continue to the
URL, or abort the request to prevent being logged.
By enabling this functionality, only users that have a valid reason to visit inappropriate sites will
normally do so. Other will avoid those sites due to the obvious risk of exposing their surfing
habits.
Caution: Overriding the restriction of a site
If a user overrides the restricted site notice page, they are allowed to surf to all pages
without any new restricted site message appearing again. However, the user is still
being logged. When the user has been inactive for 5 minutes, the restricted site page will
reappear if they then try to access a restricted site.
Reclassification of Blocked Sites
As the process of classifying unknown web sites is automated, there is always a small risk that
some sites are given an incorrect classification. NetDefendOS provides a mechanism for allowing
users to manually propose a new classification of sites.
This mechanism can be enabled on a per-HTTP ALG level, which means that the administrator
can choose to enable this functionality for regular users or for a selected user group only.
If reclassification is enabled and a user requests a web site which is disallowed, the block web
page will include a dropdown list containing all available categories. If the user believes the
requested web site is wrongly classified, he can select a more appropriate category from the
dropdown list and submit that as a proposal.
The URL to the requested web site as well as the proposed category will then be sent to D-Link's
central data warehouse for manual inspection. That inspection may result in the web site being
reclassified, either according to the category proposed or to a category which is felt to be correct.
Example 6.23. Reclassifying a blocked site
This example shows how a user may propose a reclassification of a web site if he believes it is
wrongly classified. This mechanism is enabled on a per-HTTP ALG level basis.
Command-Line Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
gw-world:/> add ALG ALG_HTTP content_filtering
Then, continue setting up the service object and modifying the NAT rule as we have done in the
previous examples.
Web Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
1. Go to: Objects > ALG > Add > HTTP ALG
2. Specify a suitable name for the ALG, for example content_filtering
WebContentFilteringMode=Enable
FilteringCategories=SEARCH_SITES
AllowReclassification=Yes
514
Chapter 6: Security Mechanisms