Http - D-Link NetDefend DFL-210 User Manual

Network security firewall


ALGs and Syn Flood Protection
User-defined custom Service objects have an option to enable Syn Flood Protection, a feature
that specifically targets Syn Flood attacks. If this option is enabled for a Service object,
then any ALG associated with that Service will not be used.
6.2.2. HTTP
Hypertext Transfer Protocol (HTTP) is the primary protocol used to access the World Wide Web
(WWW). It is a connectionless, stateless, application layer protocol based on a request/response
architecture. A client, such as a Web browser, sends a request by establishing a TCP/IP connection
to a known port (usually port 80) on a remote server. The server answers with a response string,
followed by a message of its own. That message might be, for example, an HTML file to be shown
in the Web browser or an ActiveX component to be executed on the client, or perhaps an error
message.
The HTTP protocol faces particular issues because of the wide variety of web sites that can be
accessed and the range of file types that can be downloaded as a result of such access.
The HTTP ALG is an extensive subsystem in NetDefendOS made up of a number of modules.
These provide the following features, each of which is described in the indicated section of the
manual:
• Static Content Filtering - This deals with Blacklisting and Whitelisting of specific URLs.
  • URL Blacklisting - Specific URLs can be blacklisted so that they are not accessible.
    Wildcarding can be used when specifying these URLs.
  • URL Whitelisting - The opposite to blacklisting, this makes sure certain URLs are always
    allowed. Wildcarding can also be used for these URLs.
    It is important to note that whitelisting a URL will mean that no checks such as
    virus-scanning or content filtering will be applied to the HTTP traffic. NetDefendOS will
    assume that the traffic from the URL can be "trusted".
  These features are described in depth in Section 6.3.3, "Static Content Filtering".
• Dynamic Content Filtering - Access to specific URLs can be allowed or blocked according to
  policies for certain types of web content. Access to news sites might be allowed whereas access
  to gaming sites might be blocked.
  This feature is described in depth in Section 6.3.4, "Dynamic Web Content Filtering".
• Anti-Virus Scanning - The contents of HTTP file downloads can be checked for viruses.
  The feature is described in depth in Section 6.4, "Anti-Virus Scanning".
• Verify File Integrity - This part of the ALG deals with the filetype of downloaded files.
  • Verify MIME type - This is used to check that the filetype of the filename for file
    downloads agrees with the contents of the file. All filetypes that are checked in this way by
    NetDefendOS are listed in Appendix C, Checked MIME filetypes. These filetypes are also
    listed in the Allow/Block list described below. Any file download that fails verification is
    aborted by NetDefendOS.
  • Allow/Block Selected Types - This list option operates independently of the MIME
    verification option described above. The list operates in two modes:
Chapter 6. Security Mechanisms
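
The Verify MIME type option described above compares the filetype implied by a download's filename with the file's actual contents. The sketch below shows that idea as an added example, not NetDefendOS code: the signature table, function names and sample downloads are constructed for illustration, and the real list of checked filetypes is the one in Appendix C.

```python
import os
from typing import Optional, Tuple

# Constructed signature table: extension -> accepted leading bytes.
# Illustrative only; this is NOT the NetDefendOS list from Appendix C.
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".zip": [b"PK\x03\x04", b"PK\x05\x06"],
    ".exe": [b"MZ"],
}

def identify(head: bytes) -> Optional[str]:
    """Return the first extension whose signature matches the content."""
    for ext, magics in SIGNATURES.items():
        if any(head.startswith(m) for m in magics):
            return ext
    return None

def verify_download(filename: str, head: bytes) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'allow', 'abort' or 'unchecked'."""
    ext = os.path.splitext(filename)[1].lower()
    magics = SIGNATURES.get(ext)
    if magics is None:
        # Filetypes outside the checked list are not verified at all.
        return "unchecked", f"{ext or '(no extension)'} is not a checked filetype"
    if any(head.startswith(m) for m in magics):
        return "allow", f"content matches {ext}"
    # Mismatch or truncated header: fail closed, as the manual describes.
    actual = identify(head) or "no known signature"
    return "abort", f"named {ext} but content matches {actual}"

if __name__ == "__main__":
    # Constructed sample downloads: (filename, first bytes of the body).
    samples = [
        ("invoice.pdf", b"%PDF-1.7\n"),
        ("photo.JPG", b"MZ\x90\x00\x03\x00"),   # executable named as an image
        ("logo.png", b"\x89PN"),                 # truncated header
        ("notes.txt", b"hello"),                 # not in the checked list
    ]
    for name, head in samples:
        print(name, *verify_download(name, head))
```

A file whose extension is outside the checked list passes through unverified, which is why the manual treats the Allow/Block list as a separate control.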