Content Filtering
DFL-200 HTTP content filtering can be configured to scan all HTTP content protocol
streams for URLs or for web page content.
You can configure URL blacklist to block all or just some of the pages on a website. Using
this feature you can deny access to parts of a web site without denying access to it
completely.
The HTTP content filter can also be configured to strip contents like ActiveX, Flash and
cookies.
There is also a URL whitelist for URLs that should be excluded from all Content Filtering.
To have the URL white/black list match entire sites, you will most likely want to use
wildcards before and after the host names, e.g. "*example.com/*". However, this will also
trigger on e.g. "myexample.com/", so you may want to split it up in two patterns, e.g.
"example.com/*" and "*.example.com/*", to catch the domain name by itself as well as
variants with prefixed host names ("www.") without having the filter trigger on domains ending
with the same text.
Note: For HTTP URL filtering to work, all HTTP traffic needs to go trough a policy using a
service with the HTTP ALG, which is the case for the "http-outbound" service by default.
Also note that the HTTP content filter cannot examine HTTPS (encrypted) connections
due to their encrypted nature. If you wish to block access to HTTPS sites, you will need to
configure rules in the firewall policy to block access to port 443 (https) on the IP addresses in
question.
Active content handling
Active content handling can be enabled or disabled by checking the checkbox before each
type you would like to strip. For example to strip ActiveX and Flash enable the checkbox
named Strip ActiveX objects. It is possible to strip ActiveX, Flash, Java, JavaScript and
VBScript. It is also possible to block cookies.