defined with Dynamic Content Filtering enabled. This object is then associated with a Service object
and the Service object is then associated with a rule in the IP rule set to determine which traffic
should be subject to the filtering. This makes possible the setting up of a detailed filtering policy
based on the filtering parameters that are used for rules in the IP rule set.
Tip
If you would like your content filtering policy to vary depending on the time of the day,
make use of a schedule object in the corresponding IP rule. For more information,
please see Section 3.6, “Schedules”.
Setting Fail Mode
The option exists to set the HTTP ALG fail mode in the same way that it can be set for some other
ALGs and it applies to WCF just as it does to functions such as Anti-Virus scanning. The fail mode
setting determines what happens when dynamic content filtering cannot function and, typically, this
is because NetDefendOS is unable to reach the external databases to perform URL lookup. Fail
mode can have one of two settings:
•
Deny - If WCF is unable to function then URLs are denied if external database access to verify
them is not possible. The user will see an "Access denied" web page.
•
Allow - If the external WCF database is not accessible, URLs are allowed even though they
might be disallowed if the WCF databases were accessible.
Example 6.15. Enabling Dynamic Web Content Filtering
This example shows how to setup a dynamic content filtering policy for HTTP traffic from intnet to all-nets. The
policy will be configured to block all search sites, and this example assumes that the system is using a single NAT
rule for HTTP traffic from intnet to all-nets.
CLI
(The NAT rule is called NATHttp for the CLI example)
First, create an HTTP Application Layer Gateway (ALG) Object:
gw-world:/> add ALG ALG_HTTP content_filtering WebContentFilteringMode=Enabled
FilteringCategories=SEARCH_SITES
Then, create a Service object using the new HTTP ALG:
gw-world:/> add ServiceTCPUDP http_content_filtering Type=TCP DestinationPorts=80
ALG=content_filtering
Finally, modify the NAT rule to use the new service:
gw-world:/> set IPRule NATHttp Service=http_content_filtering
Web Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
1.
Go to Objects > ALG > Add > HTTP ALG
2.
Specify a suitable name for the ALG, for example content_filtering
3.
Click the Web Content Filtering tab
4.
Select Enabled in the Mode list
5.
In the Blocked Categories list, select Search Sites and click the >> button.
6.
Click OK
Then, create a Service object using the new HTTP ALG:
6.3.4. Dynamic Web Content Filtering
Chapter 6. Security Mechanisms
247
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...