Content Filtering, Active content handling | D-Link DFL-700 manual

Content Filtering

DFL-700 HTTP content filtering can be configured to scan all HTTP content protocol streams for URLs or for web page content.

You can configure URL blacklist to block all or just some of the pages on a website. Using this feature you can deny access to parts of a web site without denying access to it completely.

The HTTP content filter can also be configured to strip contents like ActiveX, Flash and cookies.

There is also a URL whitelist for URLs that should be excluded from all Content Filtering.

To have the URL white/black list match entire sites, you will most likely want to use wildcards before and after the host names, e.g. "*example.com/*". However, this will also trigger on e.g. "myexample.com/", so you may want to split it up in two patterns, e.g. "example.com/*" and "*.example.com/*", to catch the domain name by itself as well as variants with prefixed host names ("www.") without having the filter trigger on domains ending with the same text.

Note: For HTTP URL filtering to work, all HTTP traffic needs to go trough a policy using a service with the HTTP ALG, which is the case for the "http-outbound" service by default.

Also note that the HTTP content filter cannot examine HTTPS (encrypted) connections due to their encrypted nature. If you wish to block access to HTTPS sites, you will need to configure rules in the firewall policy to block access to port 443 (https) on the IP addresses in question.

Active content handling

Active content handling can be enabled or disabled by checking the checkbox before each type you would like to strip. For example to strip ActiveX and Flash enable the checkbox named Strip ActiveX objects. It is possible to strip ActiveX, Flash, Java, JavaScript and VBScript. It is also possible to block cookies.

60

Image 60

D-Link DFL-700 manual Content Filtering, Active content handling

Contents

Link DFL-700 Contents Firewall Servers Status 129 132 Features and Benefits Access Control supportedIntroduction Introduction to Firewalls Introduction to Local Area Networking LEDs Physical Connections Package Contents System Requirements Resetting the DFL700 Managing D-Link DFL-700 Administration Settings Administrative Access Add ping access to an interface Add Admin access to an interface Add Read-only access to an interface Enable Snmp access to an interface System InterfacesChange IP of the LAN or DMZ interface WAN Interface Settings Using Static IP WAN Interface Settings Using DhcpIP Address The IP address of the WAN interface. This is WAN Interface Settings Using PPPoE Password WAN Interface Settings Using Pptp WAN Interface Settings Using BigPond Password The password supplied to you by your ISPTraffic Shaping MTU Configuration Routing Add a new Static Route Remove a Static RouteGo to System and Routing Logging Enable Logging Enable Audit LoggingEnable E-mail alerting for ISD/IDP events Page Time Using NTP to sync time Setting time and date manuallyChanging time zone Checking the Set the system time box Firewall PolicyPolicy modes Action Types Service Filter Source and Destination FilterSchedule Intrusion Detection / Prevention Traffic Shaping Add a new policy Configure Intrusion Detection Enable the Delete policy checkboxEnable the Intrusion Detection / Prevention checkbox Change order of policy Configure Intrusion Prevention Port mapping / Virtual Servers Add a new mapping Enable the Delete mapping checkbox Delete mapping Administrative users Add Administrative User Change Administrative User Access level Change Administrative User PasswordEnable the Change password checkbox Delete Administrative User Enable the Delete user checkbox Users DFL-700 Radius Support Enable User Authentication via Http / Https Enable Radius Support Change User Password Add User Delete User Schedules Add new recurring schedule Services Adding TCP, UDP or TCP/UDP Service Grouping Services Adding IP Protocol Protocol-independent settings VPN Introduction to IPsec Introduction to Pptp Introduction to L2TPPoint-to-Point Protocol Authentication Protocols MPPE, Microsoft Point-To-Point Encryption Authentication protocol L2TP/PPTP Clients Authentication Protocol Introduction chapter L2TP/PPTP Servers Mppe encryption VPN between two networks Creating a LAN-to-LAN IPSec VPN Tunnel VPN between client and an internal network Creating a Roaming Users IPSec VPN Tunnel Adding a L2TP/PPTP VPN Client Adding a L2TP/PPTP VPN Server VPN Advanced Settings Proposal Lists IKE Proposal ListIPSec Proposal List Certificates Trusting CertificatesLocal identities Certificates of remote peers Certificate Authorities Identities Content Filtering Active content handling Edit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Dhcp Server Settings Servers Enable Dhcp Server Enable Dhcp RelayDisable Dhcp Server/Relayer Enable by checking the Use built-in Dhcp Server box DNS Relayer Settings Enable DNS RelayerEnable by checking the Enable DNS Relayer box Disable DNS Relayer Tools PingPing Example Add Dynamic DNS Settings Dynamic DNS Backup Exporting the DFL-700’s ConfigurationRestoring the DFL-700’s Configuration Restart/Reset Restoring system settings to factory defaultsRestarting the DFL-700 Page Upgrade Upgrade FirmwareUpgrade IDS Signature-database Status SystemCPU Load Interfaces VPN Connections Dhcp Server Users How to read the logs Usage eventsDrop events Conn events Open Example Close Example Step by step guides LAN-to-LAN VPN using IPsec LAN IP 192.168.4.1, Subnet maskLocal net 192.168.4.0/24 Enable Automatically add a route for the remote network Remote Net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet mask Local net 192.168.1.0/24 Remote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Activate and wait for the firewall to restart Settings for Main office Page Select Local database Under Users in local database click Add newPage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Settings for Main office Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Settings for the Windows XP client Windows XP client and Pptp server Select Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 108 Select Do not dial the initial connection and click Next Page Click Properties Page Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Windows XP client and L2TP server 116 Settings for Main office Page Content filtering Firewall-Services Select HTTP/HTML Content Filtering in the ALG dropdownPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Limit bandwidth to a service Traffic shaping Guarantee bandwidth to a service Page Appendixes Appendix a Icmp Types and CodesPage Appendix B Common IP Protocol Numbers ESP Limited Warranty What Is Not Covered Wichtige Sicherheitshinweise CE Mark Warning WarnungAdvertencia de Marca de la CE Attenzione Vcci Warning Offices 138 Page 140