Configuring web filtering
Legacy network security solutions mainly protect the network against external attacks. As network
applications have spread into every walk of life, however, the internal network also faces security
threats caused by internal users' access to illegal networks. To protect the internal network against such
threats, network devices must be able to filter illegal access requests from internal users. This is
where the web filtering feature comes in.
The web filtering feature can help network devices prevent internal users from accessing unauthorized
websites and block Java applets and ActiveX objects from webpages. It provides these functions:
• IP address-supported URL address filtering
URL address filtering
URL address filtering can help prevent internal users from accessing prohibited websites or restrict them
to specific websites by checking the URL addresses contained in the web requests.
Processing procedure
1. After receiving a web request, the router resolves the URL address in the request.
2. The router matches the URL address against the configured filtering entries.
3. If a match is found and the filtering action of the matched entry is permit, the router forwards the
   request.
4. If a match is found and the filtering action of the matched entry is deny, the router drops the web
   request and sends a TCP reset packet to both the client that sent the request and the server.
5. If no match is found, the router forwards or drops the request, depending on the default filtering
   action configured for URL address filtering.
IP address-supported URL address filtering
After the URL address filtering function is enabled, the system denies all web requests that use IP
addresses by default. By enabling support for IP addresses in URL address filtering, you can configure the
router to allow internal users to access specified websites or all websites by using the websites' IP addresses.
Processing procedure
After the router receives a web request that uses an IP address, it processes the request as follows:
• If URL address filtering supports IP addresses, the router forwards the request. The router permits all
  web requests that use the websites' IP addresses to pass.
• If URL address filtering does not support IP addresses, the router checks the ACL rules for URL
  address filtering. If the ACL permits the IP address, the router forwards the request. Otherwise, the
  router drops the request.
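
The two processing procedures above, modelled in Python for a single HTTP request. This is an added example, not code from the manual or the router. Assumptions: filtering entries are shell-style wildcard patterns on the host name, checked in order with the first match winning; a request that uses an IP address is handled by the IP procedure before the entries are consulted; and a TCP reset is modelled only for the deny-match case the text names.

```python
import ipaddress
from fnmatch import fnmatchcase

def request_host(raw: bytes) -> str:
    """Step 1: take the host from the Host header, lowercased, port removed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
            if host.startswith("["):              # bracketed IPv6 literal
                return host[1:host.index("]")]
            return host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    raise ValueError("request has no Host header")

def as_ip(host: str):
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None                               # a name, not an address

def decide(raw, entries, default_action, ip_support, acl):
    """Return 'forward', 'drop' or 'drop+reset' for one web request."""
    host = request_host(raw)
    addr = as_ip(host)
    if addr is not None:                          # request uses an IP address
        if ip_support or any(addr in net for net in acl):
            return "forward"
        return "drop"
    for pattern, action in entries:               # steps 2-4: first match wins (assumed)
        if fnmatchcase(host, pattern):
            return "forward" if action == "permit" else "drop+reset"
    return "forward" if default_action == "permit" else "drop"   # step 5

# Constructed sample policy and requests, not taken from the manual.
ENTRIES = [("*.blocked.example", "deny"), ("intranet.example", "permit")]
ACL = [ipaddress.ip_network("192.0.2.0/24")]

def req(host: str) -> bytes:
    return f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

if __name__ == "__main__":
    for h in ("intranet.example", "www.blocked.example:8080",
              "other.example", "192.0.2.10", "198.51.100.7"):
        print(h, "->", decide(req(h), ENTRIES, "deny", False, ACL))
```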