•
Cookies
•
Invalidly formatted UTF-8 Characters (invalid URL formatting can be used to attack web
servers)
The object types to be removed can be selected individually by configuring the corresponding
HTTP Application Layer Gateway accordingly.
Caution: Consider the consequences of removing objects
Careful consideration should be given before enabling removal any object types from
web content. Many web sites use Javascript and other types of client-side code and in
most cases, the code is non-malicious. Common examples of this is the scripting used to
implement drop-down menus as well as hiding and showing elements on web pages.
Removing such legitimate code could, at best, cause the web site to look distorted, at
worst, cause it to not work in a browser at all. Active Content Handling should therefore
only be used when the consequences are well understood.
Example 6.19. Stripping ActiveX and Java applets
This example shows how to configure a HTTP Application Layer Gateway to strip ActiveX and
Java applets. The example will use the
content_filtering
ALG object and assumes one of the
previous examples has been done.
Command-Line Interface
gw-world:/> set ALG ALG_HTTP content_filtering
RemoveActiveX=Yes
RemoveApplets=Yes
Web Interface
1.
Go to: Objects > ALG
2.
In the table, click on the
HTTP ALG object
,
content_filtering
3.
Check the Strip ActiveX objects (including flash) control
4.
Check the Strip Java applets control
5.
Click OK
6.3.3. Static Content Filtering
URL Filtering
Through the HTTP ALG, NetDefendOS can block or permit certain web pages based on
configured lists of URLs which are called
blacklists
and
whitelists
. This type of filtering is also
known as
Static Content Filtering
. The main benefit with Static Content Filtering is that it is an
excellent tool to target specific web sites, and make the decision as to whether they should be
blocked or allowed.
Chapter 6: Security Mechanisms
504
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...