•
URL verification is not supported.
User Agent Filtering
The
User-Agent
field of the HTTP protocol identifies the client software that is involved in the
HTTP interaction. For many HTTP interactions this is a web browser. For example, the
User-Agent
field generated by the Firefox™ browser might look like the following:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
The network administrator may want to deny or allow certain web browsers or browser versions
because they pose a security risk or because others are preferable.
The LW-HTTP ALG examine the
User-Agent
field as the traffic traverses the firewall and then only
allow or deny access to agents which match a specified string. This is configured by attaching
one or more
User-Agent Filter
objects as children to a parent
LW-HTTP ALG
object. Each filter
object specifies a single string and the filter will trigger if the string matches a connection's
User-Agent
field. The behavior when it triggers is determined by the
User-Agent Filter Mode
property of the parent
LW-HTTP ALG
object and this can have one of two values:
•
Deny Selected - Only the agents specified by the filter(s) will be denied. All other agents will
be allowed. This is the default.
•
Allow Selected - Only the agents specified by the filter(s) will be allowed. All other agents
will be denied.
As can be seen from the agent example above for Firefox, the entire agent string can be long. It is
therefore better when specifying the agent string in a filter to use wildcards. The following
wildcards can be used:
•
The asterisk "*" character represents any string.
•
The question mark "?" character represents any single character.
For example, if only Firefox browser was to be allowed, a single filter could be specified with the
following string:
*Firefox/*
When a
User-Agent
is blocked, NetDefendOS sends a predefined web page to the client's browser
to alert them that this has happened. This page is not editable by the administrator at this time.
Note: Specifying no filters means all agents will be allowed
If no
User Agent Filter
objects are added to an
LW-HTTP ALG
object then all
User-Agents will be allowed.
Example 6.2. Using the Light Weight HTTP ALG
This example shows how to set up a Light Weight HTTP (LW-HTTP) ALG for clients that are surfing
the web using HTTP from a protected network to the public Internet. It will be configured to
allow only the Firefox and Chrome browsers (all other browsers will be denied). In addition,
protocol upgrading will be allowed.
Chapter 6: Security Mechanisms
433
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...