beautypg.com

Web content filtering, Overview, Active content handling – Amer Networks E5Web GUI User Manual

Page 443: Section 6.3, “web content filtering

background image

6.3. Web Content Filtering

6.3.1. Overview

Web traffic is one of the biggest sources for security issues and misuse of the Internet.
Inappropriate surfing habits can expose a network to many security threats as well as legal and
regulatory liabilities. Productivity and Internet bandwidth can also be impaired.

Filtering Mechanisms

Through the HTTP ALG, cOS Core provides the following mechanisms for filtering out web
content that is deemed inappropriate for an organization or group of users:

Active Content Handling can be used to remove content from web pages that the
administrator considers a potential threat, such as ActiveX objects and Java Applets.

Static Content Filtering provides a means for manually classifying web sites as "good" or "bad".
This is also known as URL blacklisting and whitelisting.

Dynamic Content Filtering is a powerful feature that enables the administrator to allow or
block access to web sites depending on the category they have been classified into by an
automatic classification service. Dynamic content filtering requires a minimum of
administration effort and has very high accuracy.

Note: WCF is enabled through the HTTP ALG

All Web Content Filtering is enabled via the HTTP ALG which is described in Section 6.2.2,
“The HTTP ALG”.

6.3.2. Active Content Handling

Some web content can contain malicious code designed to harm the workstation or the network
from where the user is surfing. Typically, such code is embedded into various types of objects or
files which are embedded into web pages.

cOS Core includes support for removing the following types of objects from web page content:

ActiveX objects (including Flash)

Java applets

Javascript/VBScript code

Cookies

Invalidly formatted UTF-8 Characters (invalid URL formatting can be used to attack web
servers)

The object types to be removed can be selected individually by configuring the corresponding
HTTP Application Layer Gateway accordingly.

Caution: Consider the consequences of removing objects

Careful consideration should be given before enabling removal any object types from

Chapter 6: Security Mechanisms

443

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: