Enabling dynamic web content filtering – D-Link DFL-2500 User Manual

Note

New, uncategorized URLs sent to the D-Link network are treated as anonymous
submissions and no record of the source of new submissions is kept.

Categorizing Pages and Not Sites

NetDefendOS dynamic filtering categorizes web pages and not sites. In other words, a web site may
contain particular pages that should be blocked without blocking the entire site. NetDefendOS
provides blocking down to the page level so that users may still access parts of websites that aren't
blocked by the filtering policy.

Activation

Dynamic Content Filtering is a feature that is enabled by taking out a separate subscription to the
service. This is an addition to the normal NetDefendOS license. For complete details of subscription
services, see Appendix A, Subscribing to Security Updates.

Once a subscription is taken out, an HTTP Application Layer Gateway (ALG) Object should be
defined with Dynamic Content Filtering enabled. This object is then associated with a Service object
and the Service object is then associated with a rule in the IP rule set to determine which traffic
should be subject to the filtering. This makes possible the setting up of a detailed filtering policy
based on the filtering parameters that are used for rules in the IP rule set.

Tip

If you would like your content filtering policy to vary depending on the time of the day,
make use of a schedule object in the corresponding IP rule. For more information,
please see Section 3.6, “Schedules”.

Example 6.15. Enabling Dynamic Web Content Filtering

This example shows how to setup a dynamic content filtering policy for HTTP traffic from intnet to all-nets. The
policy will be configured to block all search sites, and this example assumes that the system is using a single NAT
rule for HTTP traffic from intnet to all-nets.

CLI
(The NAT rule is called NATHttp for the CLI example)
First, create an HTTP Application Layer Gateway (ALG) Object:

gw-world:/> add ALG ALG_HTTP content_filtering WebContentFilteringMode=Enabled

FilteringCategories=SEARCH_SITES

Then, create a Service object using the new HTTP ALG:

gw-world:/> add ServiceTCPUDP http_content_filtering Type=TCP DestinationPorts=80

ALG=content_filtering

Finally, modify the NAT rule to use the new service:

gw-world:/> set IPRule NATHttp Service=http_content_filtering

Web Interface

First, create an HTTP Application Layer Gateway (ALG) Object:

1.

Go to Objects > ALG > Add > HTTP ALG

2.

Specify a suitable name for the ALG, eg. content_filtering

3.

Click the Web Content Filtering tab

4.

Select Enabled in the Mode list

6.3.4. Dynamic Web Content Filtering

Chapter 6. Security Mechanisms

173