beautypg.com

Static content filtering, Stripping activex and java applets, Section 6.3.3, “static content filtering – Amer Networks E5Web GUI User Manual

Page 444

background image

web content. Many web sites use Javascript and other types of client-side code and in
most cases, the code is non-malicious. Common examples of this is the scripting used to
implement drop-down menus as well as hiding and showing elements on web pages.

Removing such legitimate code could, at best, cause the web site to look distorted, at
worst, cause it to not work in a browser at all. Active Content Handling should therefore
only be used when the consequences are well understood.

Example 6.14. Stripping ActiveX and Java applets

This example shows how to configure a HTTP Application Layer Gateway to strip ActiveX and
Java applets. The example will use the content_filtering ALG object and assumes one of the
previous examples has been done.

Command-Line Interface

Device:/> set ALG ALG_HTTP content_filtering

RemoveActiveX=Yes
RemoveApplets=Yes

InControl

Follow the same steps used for the Web Interface below.

Web Interface

1.

Go to: Objects > ALG

2.

In the table, click on the HTTP ALG object, content_filtering

3.

Check the Strip ActiveX objects (including flash) control

4.

Check the Strip Java applets control

5.

Click OK

6.3.3. Static Content Filtering

Through the HTTP ALG, cOS Core can block or permit certain web pages based on configured
lists of URLs which are called blacklists and whitelists. This type of filtering is also known as Static
Content Filtering. The main benefit with Static Content Filtering is that it is an excellent tool to
target specific web sites, and make the decision as to whether they should be blocked or
allowed.

Static and Dynamic Filtering Order

Additionally, Static Content Filtering takes place before Dynamic Content Filtering (described
below), which allows the possibility of manually making exceptions from the automatic dynamic
classification process. In a scenario where goods have to be purchased from a particular on-line
store, Dynamic Content Filtering might be set to prevent access to shopping sites by blocking
the "Shopping" category. By entering the on-line store's URL into the HTTP Application Layer

Chapter 6: Security Mechanisms

444

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: