Amer Networks E5Web GUI User Manual

the download will be dropped. If nothing is marked in this mode then no files can be
downloaded.

Additional filetypes not included by default can be added to the Allow/Block list
however these cannot be subject to content checking meaning that the file extension
will be trusted as being correct for the contents of the file.

Note: Similarities with other cOS Core ALGs

The Verify MIME type and Allow/Block Selected Types options work in the
same way for the FTP, POP3 and SMTP ALGs.

•

Download File Size Limit

A file size limit can additionally be specified for any single download (this option is only
available for HTTP and SMTP ALG downloads).

Blocking/Allowing Filetypes with an IP Policy

Instead of allowing or blocking certain filetypes using an ALG, it is possible to enable file control
as an option on an IP Policy object. This provides a more direct method of activation which can
be combined with the other options available in an IP policy such as anti-virus scanning and
traffic shaping.

IP policies are described further in Section 3.6.7, “IP Policies”.

The Ordering for HTTP Filtering

HTTP filtering obeys the following processing order and is similar to the order followed by the
SMTP ALG:

1.

Whitelist.

2.

Blacklist.

3.

Web content filtering (if enabled).

4.

Anti-virus scanning (if enabled).

As described above, if a URL is found on the whitelist then it will not be blocked if it also found
on the blacklist. If it is enabled, Anti-virus scanning is always applied, even though a URL is
whitelisted.

If it is enabled, Web content filtering is still applied to whitelisted URLs but if instead of blocking,
flagged URLs are only logged. If it is enabled, Anti-virus scanning is always applied, even though
a URL is whitelisted.

Chapter 6: Security Mechanisms

387