D-Link DFL-200 manual Content Filtering, Active content handling

Page 55

Content Filtering

DFL-200 HTTP content filtering can be configured to scan all HTTP content protocol streams for URLs or for web page content.

You can configure URL blacklist to block all or just some of the pages on a website. Using this feature you can deny access to parts of a web site without denying access to it completely.

The HTTP content filter can also be configured to strip contents like ActiveX, Flash and cookies.

There is also a URL whitelist for URLs that should be excluded from all Content Filtering.

To have the URL white/black list match entire sites, you will most likely want to use wildcards before and after the host names, e.g. "*example.com/*". However, this will also trigger on e.g. "myexample.com/", so you may want to split it up in two patterns, e.g. "example.com/*" and "*.example.com/*", to catch the domain name by itself as well as variants with prefixed host names ("www.") without having the filter trigger on domains ending with the same text.

Note: For HTTP URL filtering to work, all HTTP traffic needs to go trough a policy using a service with the HTTP ALG, which is the case for the "http-outbound" service by default.

Also note that the HTTP content filter cannot examine HTTPS (encrypted) connections due to their encrypted nature. If you wish to block access to HTTPS sites, you will need to configure rules in the firewall policy to block access to port 443 (https) on the IP addresses in question.

Active content handling

Active content handling can be enabled or disabled by checking the checkbox before each type you would like to strip. For example to strip ActiveX and Flash enable the checkbox named Strip ActiveX objects. It is possible to strip ActiveX, Flash, Java, JavaScript and VBScript. It is also possible to block cookies.

Image 55
Contents Link DFL-200 Contents VPN Servers 111 125 122Introduction to Firewalls Features and BenefitsAccess Control supported IntroductionIntroduction to Local Area Networking Physical Connections LEDsSystem Requirements Package ContentsManaging D-Link DFL-200 Resetting the DFL-200Administrative Access Administration SettingsAdd Admin access to an interface Add ping access to an interfaceEnable Snmp access to an interface Add Read-only access to an interfaceInterfaces SystemChange IP of the LAN or DMZ interface WAN Interface Settings Using Dhcp WAN Interface Settings Using Static IPIP Address The IP address of the WAN interface. This is Password WAN Interface Settings Using PPPoEWAN Interface Settings Using Pptp MTU Configuration WAN Interface Settings Using BigPondPassword The password supplied to you by your ISP Routing Remove a Static Route Add a new Static RouteGo to System and Routing Logging Enable Audit Logging Enable LoggingEnable E-mail alerting for ISD/IDP events Page Time Checking the Set the system time box Using NTP to sync timeSetting time and date manually Changing time zoneAction Types FirewallPolicy Policy modesSource and Destination Filter Service FilterSchedule Add a new policy Intrusion Detection / PreventionChange order of policy Configure Intrusion DetectionEnable the Delete policy checkbox Enable the Intrusion Detection / Prevention checkboxConfigure Intrusion Prevention Add a new mapping Port mapping / Virtual ServersDelete mapping Enable the Delete mapping checkboxDFL-200 Radius Support UsersEnable Radius Support Enable User Authentication via Http / HttpsEnable the Change password checkbox Change User PasswordAdd User Delete User Enable the Delete user checkboxAdd new recurring schedule SchedulesAdding TCP, UDP or TCP/UDP Service ServicesAdding IP Protocol Grouping ServicesProtocol-independent settings Introduction to IPSec VPNIntroduction to L2TP Introduction to PptpPoint-to-Point Protocol MPPE, Microsoft Point-To-Point Encryption Authentication ProtocolsL2TP/PPTP Clients Authentication protocolL2TP/PPTP Servers Authentication Protocol Introduction chapterMppe encryption Creating a LAN-to-LAN IPSec VPN Tunnel VPN between two networksCreating a Roaming Users IPSec VPN Tunnel VPN between client and an internal networkAdding a L2TP/PPTP VPN Server Adding a L2TP/PPTP VPN ClientVPN Advanced Settings IKE Proposal List Proposal ListsIPSec Proposal List Certificates of remote peers CertificatesTrusting Certificates Local identitiesIdentities Active content handling Content FilteringEdit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Servers Dhcp Server SettingsEnable by checking the Use built-in Dhcp Server box Enable Dhcp ServerEnable Dhcp Relay Disable Dhcp Server/RelayerEnable DNS Relayer DNS Relayer SettingsEnable by checking the Enable DNS Relayer box Disable DNS Relayer Ping ToolsDynamic DNS Add Dynamic DNS SettingsPing Example Exporting the DFL-200’s Configuration BackupRestoring the DFL-200’s Configuration Restarting the DFL-200 Restart/ResetRestoring system settings to factory defaults Page Upgrade Firmware UpgradeUpgrade IDS Signature-database System StatusCPU Load Interfaces VPN Click Connections below it. a window will ConnectionsDhcp Server Logging Conn events How to read the logsUsage events Drop eventsClose Example Open ExampleStep by step guides LAN IP 192.168.4.1, Subnet mask LAN-to-LAN VPN using IPsecRemote Net 192.168.1.0/24 Enable Automatically add a route for the remote networkLocal net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet maskRemote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Global policy parameters Settings for Main office Page Under Users in local database click Add new Select Local databasePage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Windows XP client and Pptp server Settings for the Windows XP clientSelect Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 104 Select Do not dial the initial connection and click Next Page Click Properties Page Name the new user HomeUser Enter password Retype password Page Windows XP client and L2TP server 112 Settings for Main office Page Content filtering Select HTTP/HTML Content Filtering in the ALG dropdown Firewall-ServicesPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Appendix a Icmp Types and Codes AppendixesPage ESP Appendix B Common IP Protocol NumbersLimited Warranty What Is Not Covered Wichtige Sicherheitshinweise Attenzione CE Mark WarningWarnung Advertencia de Marca de la CEVcci Warning Offices Singapore D-LINK International 132
Related manuals
Manual 14 pages 8.62 Kb Manual 12 pages 24 Kb