Caution: Overriding the restriction of a site
If a user overrides the restricted site notice page, they are allowed to surf to all pages
without any new restricted site message appearing again. The user is however still
being logged. When the user has become inactive for 5 minutes, the restricted site
page will reappear if they then try to access a restricted site.
Reclassification of Blocked Sites
As the process of classifying unknown web sites is automated, there is always a small risk that some
sites are given an incorrect classification. NetDefendOS provides a mechanism for allowing users to
manually propose a new classification of sites.
This mechanism can be enabled on a per-HTTP ALG level, which means that the administrator can
choose to enable this functionality for regular users or for a selected user group only.
If reclassification is enabled and a user requests a web site which is disallowed, the block web page
will include a dropdown list containing all available categories. If the user believes the requested
web site is wrongly classified, he can select a more appropriate category from the dropdown list and
submit that as a proposal.
The URL to the requested web site as well as the proposed category will then be sent to D-Link's
central data warehouse for manual inspection. That inspection may result in the web site being
reclassified, either according to the category proposed or to a category which is felt to be correct.
Example 6.17. Reclassifying a blocked site
This example shows how a user may propose a reclassification of a web site if he believes it is wrongly classified.
This mechanism is enabled on a per-HTTP ALG level basis.
Command-Line Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
gw-world:/> add ALG ALG_HTTP content_filtering
WebContentFilteringMode=Enable
FilteringCategories=SEARCH_SITES
AllowReclassification=Yes
Then, continue setting up the service object and modifying the NAT rule as we have done in the previous
examples.
Web Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
1.
Go to: Objects > ALG > Add > HTTP ALG
2.
Specify a suitable name for the ALG, for example content_filtering
3.
Click the Web Content Filtering tab
4.
Select Enabled in the Mode list
5.
In the Blocked Categories list, select Search Sites and click the >> button
6.
Check the Allow Reclassification control
7.
Click OK
Then, continue setting up the service object and modifying the NAT rule as we have done in the previous
examples.
Dynamic content filtering is now activated for all web traffic from lannet to all-nets and the user is able to propose
reclassification of blocked sites. Validate the functionality by following these steps:
6.3.4. Dynamic Web Content Filtering
Chapter 6. Security Mechanisms
333
Summary of Contents for NetDefend DFL-1660
Page 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Page 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Page 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Page 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Page 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Page 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Page 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Page 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Page 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Page 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Page 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Page 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Page 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Page 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...