D-Link NetDefend DFL-210 User Manual page 175

6.3.4. Dynamic Web Content Filtering
Web Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
1. Go to Objects > ALG > Add > HTTP ALG
2. Specify a suitable name for the ALG, eg. content_filtering
3. Click the Web Content Filtering tab
4. Select Audit in the Mode list
5. In the Blocked Categories list, select Search Sites and click the >> button
6. Click OK
The steps to then create a Service object using the new HTTP ALG and modifing the NAT rule to use the new
service, are described in the previous example.
Allowing Override
On some occasions, Active Content Filtering may prevent users carrying out legitimate tasks.
Consider a stock broker dealing with on-line gaming companies. In his daily work, he might need to
browse gambling web sites to conduct company assessments. If the corporate policy blocks
gambling web-sites, he won't be able to do his job.
For this reason, NetDefendOS supports a feature called Allow Override. With this feature enabled,
the content filtering component will present a warning to the user that he is about to enter a web site
that is restricted according to the corporate policy, and that his visit to the web site will be logged.
This page is known as the restricted site notice. The user is then free to continue to the URL, or
abort the request to prevent being logged.
By enabling this functionality, only users that have a valid reason to visit inappropriate sites will
normally do so. Other will avoid those sites due to the obvious risk of exposing their surfing habits.
Reclassification of Blocked Sites
As the process of classifying unknown web sites is automated, there is always a small risk that some
sites are given an incorrect classification. NetDefendOS provides a mechanism for allowing users to
manually propose a new classification of sites.
This mechanism can be enabled on a per-HTTP ALG level, which means that you can choose to
enable this functionality for regular users or for a selected user group only.
If reclassification is enabled and a user requests a web site which is disallowed, the block web page
will include a dropdown list containing all available categories. If the user believes the requested
web site is wrongly classified, he can select a more appropriate category from the dropdown list and
submit that as a proposal.
The URL to the requested web site as well as the proposed category will then be sent to D-Link's
central data warehouse for manual inspection. That inspection may result in the web site being
reclassified, either according to the category proposed or to a category which is felt to be correct.
FilteringCategories=SEARCH_SITES
Caution
Enabling override can result in a user being able to surf to sites that are linked to by
the visited site.
175
Chapter 6. Security Mechanisms