Specific URLs can be blacklisted so that they are not accessible. Wildcarding can be used
when specifying URLs, as described below.
ii.
URL Whitelisting
The opposite to blacklisting, this makes sure certain URLs are always allowed.
Wildcarding can also be used for these URLs, as described below.
It is important to note that whitelisting a URL means that it cannot be blacklisted and it
also cannot be dropped by web content filtering (if that is enabled, although it will be
logged). Anti-Virus scanning, if it is enabled, is also not applied to HTTP traffic from a
whitelisted URL.
This feature is described further in
Section 6.3.3, “Static Content Filtering”
.
Blocking/Allowing Filetypes with an IP Policy
Instead of allowing or blocking certain filetypes using an ALG, it is possible to enable file control
as an option on an
IP Policy
object. This provides a more direct method of activation which can
be combined with the other options available in an IP policy such as anti-virus scanning and
traffic shaping.
To enable file control on an
IP Policy
object, the following steps are required:
•
Create a
File Control Profile
object which specifies which file control actions to take.
•
Assign the
File Control Profile
object to the
File Control
property of an
IP Policy
object that
filters the targeted traffic. Note that
Service
property of the
IP Policy
must be set to a service
that has its
Protocol
property set to the relevant protocol (for example,
HTTP
).
Allow Unknown Protocols
An
IP Policy
object has an ALG related property called
Allow Unknown Protocols
which can be set
when the
Service
object is set for HTTP or HTTPS. This property is disabled by default which
means that any connection using a protocol that NetDefendOS does not recognize as HTTP or
HTTPS will be dropped. This setting can be enabled to allow these connections with a protocol
that is not recognizable as HTTP.
IP policies are described further in
.
The Ordering for HTTP Filtering
HTTP filtering obeys the following processing order and is similar to the order followed by the
SMTP ALG:
1.
Whitelist.
2.
Blacklist.
3.
Web content filtering (if enabled).
4.
Anti-virus scanning (if enabled).
As described above, if a URL is found on the whitelist then it will not be blocked if it also found
Chapter 6: Security Mechanisms
430
Summary of Contents for NetDefendOS
Page 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Page 32: ...Chapter 1 NetDefendOS Overview 32 ...
Page 144: ...Chapter 2 Management and Maintenance 144 ...
Page 284: ...Chapter 3 Fundamentals 284 ...
Page 392: ...Chapter 4 Routing 392 ...
Page 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Page 420: ...Chapter 5 DHCP Services 420 ...
Page 573: ...Chapter 6 Security Mechanisms 573 ...
Page 607: ...Chapter 7 Address Translation 607 ...
Page 666: ...Chapter 8 User Authentication 666 ...
Page 775: ...Chapter 9 VPN 775 ...
Page 819: ...Chapter 10 Traffic Management 819 ...
Page 842: ...Chapter 11 High Availability 842 ...
Page 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Page 879: ...Chapter 13 Advanced Settings 879 ...