Scribd
Upload
66 views

How To Configure HTTP ALG For Web URL Filter

This document provides steps to configure HTTP ALG on a D-Link NetDefend firewall to implement web URL filtering. Example 1 shows how to block access to the entire www.yahoo.com website. Example 2 builds on this to block the whole yahoo.com site except for the sports.yahoo.com subdomain, which is whitelisted. The 10 steps navigate the firewall interface to add HTTP ALG rules to blacklist URLs, add the HTTP ALG to a service, and create a rule to apply the service to inbound HTTP traffic from the LAN.

Uploaded by

jafar cad
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
66 views

How To Configure HTTP ALG For Web URL Filter

This document provides steps to configure HTTP ALG on a D-Link NetDefend firewall to implement web URL filtering. Example 1 shows how to block access to the entire www.yahoo.com website. Example 2 builds on this to block the whole yahoo.com site except for the sports.yahoo.com subdomain, which is whitelisted. The 10 steps navigate the firewall interface to add HTTP ALG rules to blacklist URLs, add the HTTP ALG to a service, and create a rule to apply the service to inbound HTTP traffic from the LAN.

Uploaded by

jafar cad
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Configuration examples for the D-Link NetDefend Firewall series DFL-210/800/1600/2500

Scenario: How to
configure Http ALG for Web URL Filter

Last update: 2008-01-30

Overview
In this document, the notation Objects->Address book means that in the tree on the left side of the screen Objects first should be clicked (expanded) and then Address Book. Most of the examples in this document are adapted for the DFL-800. The same settings can easily be used for all other models in the series. The only difference is the names of the interfaces. Since the DFL-1600 and DFL-2500 has more than one lan interface, the lan interfaces are named lan1, lan2 and lan3 not just lan. The screenshots in this document is from firmware version 2.11.02. If you are using an earlier version of the firmware, the screenshots may not be identical to what you see on your browser. To prevent existing settings to interfere with the settings in these guides, reset the firewall to factory defaults before starting.

How to configure Http ALG for Web URL Filter


This scenario shows how a firewall can control internet web surfing behaviour for network clients. Example 1: Block http://www.yahoo.com/ whole web site Step 1: Go to Objects ->ALG

Step 2: Add a new HTTP ALG Or edit pre-define rule http-outbound

Step 3: Click http-outbound Add Http ALG URL

Step 4: Action: Blacklist URL: *yahoo.com/* Click OK

Step 5: Add TCP/IP service Or edit pre-define http-outbound service

Step 6: Click Http-outbound service Select http-outbound Http ALG

Click OK

Step 7: Go to Rule-> IP Rules Add IP Rule

Step 8: In General tab Name: http_ALG Action: Allow Service: http

Source Interface: lan Source Network: lannet Destination Interface: any Destination Network: all-nets Click OK

Step9: Click Right-Click on http_ALG rule Click Move to Top

Step 10: Click Save and Active

Example 2: Block http://www.yahoo.com/ whole web site Allow http://sports.yahoo.com/ whole site only All configurations is the same as example 1 But in step 4: Add a whitelist for http://sports.yahoo.com/ Action: Whitelist URL: sports.yahoo.com/* Click OK

! Note: Whitelist priority is higher than Blocklist, it means that you should configure whole
URL of web site to be blocked, and then allow some section of web site. In this case, If you configure Action: block URL: sports.yahoo.com/*, and Action: whitelist URL: *.yahoo.com/*, filrewall can not block sports.yahoo.com/* since another whitelist rule already allows whole *.yahoo.com/* web site first.

You might also like