
Setting up a white and blacklist – Amer Networks E5Web GUI User Manual

Page 445


Gateway's whitelist, access to that URL is always allowed, taking precedence over Dynamic
Content Filtering.

Wildcarding

Both the URL blacklist and URL whitelist support wildcard matching of URLs in order to be more
flexible. This wildcard matching also applies to the path following the URL hostname, which
means that filtering can be controlled down to the file and directory level.

Below are some good and bad blacklist example URLs used for blocking:

*.example.com/*

Good. This will block all hosts in the example.com domain and all web
pages served by those hosts.

www.example.com/*

Good. This will block the www.example.com website and all web
pages served by that site.

*/*.gif

Good. This will block all files with .gif as the file name extension.

www.example.com

Bad. This will only block the first request to the web site. Surfing to
www.example.com/index.html, for example, will not be blocked.

*example.com/*

Bad. This will also cause www.myexample.com to be blocked since it
blocks all sites ending with example.com.
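
The good and bad patterns above can be checked against sample URLs before a list is deployed. The following is an added example, not code from this manual or from cOS Core. It assumes a simplified matching model chosen to reproduce the outcomes stated above: an anchored glob in which `*` matches any run of characters, and a pattern with no `/` matching only the request for the site root. The names `matches` and `audit` and the test URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def glob_to_regex(pattern):
    """Assumed model: '*' matches any run of characters, including '.' and '/'."""
    if "/" not in pattern:
        # Assumption: a host-only pattern covers just the root request.
        pattern += "/"
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))

def normalize(url):
    """Reduce a full URL to host + path, the form the patterns are written in."""
    parts = urlsplit(url)
    return parts.hostname + (parts.path or "/")

def matches(pattern, url):
    """True if the blacklist pattern covers the whole host + path string."""
    return glob_to_regex(pattern).fullmatch(normalize(url)) is not None

def audit(pattern, must_block, must_allow):
    """Return (missed, overblocked): URLs the pattern fails to block and
    URLs it blocks although they should stay reachable."""
    missed = [u for u in must_block if not matches(pattern, u)]
    overblocked = [u for u in must_allow if matches(pattern, u)]
    return missed, overblocked

# Constructed test URLs based on the examples in the manual.
MUST_BLOCK = ["http://www.example.com/", "http://www.example.com/index.html"]
MUST_ALLOW = ["http://www.myexample.com/index.html"]

if __name__ == "__main__":
    for pat in ["*.example.com/*", "www.example.com/*",
                "www.example.com", "*example.com/*"]:
        missed, over = audit(pat, MUST_BLOCK, MUST_ALLOW)
        verdict = "good" if not missed and not over else "bad"
        print(f"{pat:20} {verdict:5} missed={missed} overblocked={over}")
```

An empty `missed` list and an empty `overblocked` list correspond to the entries marked "Good" above; a non-empty list shows which kind of mistake a "Bad" pattern makes.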

Note: The hosts and networks blacklist is separate

Web content filtering URL blacklisting is a separate concept from Section 6.7,
“Blacklisting Hosts and Networks”.

Example 6.15. Setting up a white and blacklist

This example shows the use of static content filtering where cOS Core can block or permit certain
web pages based on blacklists and whitelists. As the usability of static content filtering will be
illustrated, dynamic content filtering and active content handling will not be enabled in this
example.

In this small scenario, a general surfing policy prevents users from downloading .exe files.
However, the Clavister website provides secure and necessary program files that users should be
allowed to download.

Command-Line Interface

Start by adding an HTTP ALG in order to filter HTTP traffic:

Device:/> add ALG ALG_HTTP content_filtering

Then create an HTTP ALG URL to set up a blacklist:

Device:/> cc ALG ALG_HTTP content_filtering

Device:/content_filtering> add ALG_HTTP_URL URL=*/*.exe Action=Blacklist

Chapter 6: Security Mechanisms
