6.3.4.1. Overview
As part of the HTTP ALG, NetDefendOS supports Dynamic Web Content Filtering (Dynamic WCF) of
web traffic, which enables an administrator to permit or block access to web pages based on the
content type of those web pages.
Dynamic WCF can be configured to work with HTTP or HTTPS connections or both.
Dynamic WCF Databases
NetDefendOS Dynamic WCF allows web page blocking to be automated so it is not necessary to
manually specify beforehand which URLs to block or to allow. Instead, D-Link maintains a global
infrastructure of databases containing huge numbers of current web site URL addresses which
are already classified and grouped into a variety of categories such as shopping, news, sport,
adult-oriented and so on.
The scope of the URLs in the databases is global, covering websites in many different languages
and hosted on servers located in many different countries.
Note: WCF database access uses TCP port 9998
When NetDefendOS sends a query to the external WCF databases, it sends it as a TCP
request to the destination port 9998.
Therefore, any network equipment through which the request passes, including other
firewalls, must not block TCP traffic with destination port 9998.
If the equipment through which the message passes is another NetDefend Firewall, an IP
rule with the action Allow should be created along with a custom service that is then
associated with the rule.
WCF Processing Flow
When a user of a web browser requests access to a web site, NetDefendOS queries the external
WCF databases in order to retrieve the category of the requested site. Access to the URL can then
be allowed or denied based on the filtering policy that the administrator has put in place for that
particular category.
If access is denied, a web page will be presented to the user explaining that the requested site
has been blocked. To make the lookup process as fast as possible, NetDefendOS maintains a local
cache in memory of recently accessed URLs. Caching can be highly efficient since a given user
community, such as a group of university students, often surfs to a limited range of websites.
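The lookup, cache and policy steps described above can be modelled as follows. This is an added example, not NetDefendOS code: the class and function names, the sample database, the hostname-keyed least-recently-used cache and the treatment of unknown sites as "uncategorized" are all assumptions made for illustration.

```python
from collections import OrderedDict
from urllib.parse import urlsplit

# Constructed stand-in for the external WCF databases (not real D-Link data).
SAMPLE_DB = {"news.example": "news", "shop.example": "shopping",
             "adult.example": "adult-oriented"}

def sample_lookup(host):
    """Hypothetical remote query; the real one travels over TCP port 9998."""
    return SAMPLE_DB.get(host, "uncategorized")

class WcfFilter:
    """Model of the flow: check local cache, else query, then apply policy."""

    def __init__(self, lookup, blocked_categories, cache_size=1000):
        self.lookup = lookup
        self.blocked = set(blocked_categories)
        self.cache = OrderedDict()      # host -> category, oldest entry first
        self.cache_size = cache_size    # assumed bound on the in-memory cache
        self.remote_queries = 0         # lookups that had to leave the firewall

    def categorize(self, url):
        host = urlsplit(url).hostname or ""   # hostname is lower-cased
        if host in self.cache:
            self.cache.move_to_end(host)      # mark as recently used
            return self.cache[host]
        self.remote_queries += 1
        category = self.lookup(host)
        self.cache[host] = category
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)    # evict least recently used
        return category

    def decide(self, url):
        category = self.categorize(url)
        action = "block" if category in self.blocked else "allow"
        return action, category

def replay(urls, blocked_categories, cache_size=1000):
    """Run a list of requests; return the decisions and remote query count."""
    wcf = WcfFilter(sample_lookup, blocked_categories, cache_size)
    return [wcf.decide(u) for u in urls], wcf.remote_queries

if __name__ == "__main__":
    traffic = ["http://news.example/a", "http://NEWS.example/b",
               "https://adult.example/", "http://news.example/c"]
    decisions, queries = replay(traffic, {"adult-oriented"})
    for url, (action, category) in zip(traffic, decisions):
        print(f"{action:5} {category:15} {url}")
    print("remote queries:", queries)
```

Replaying the same traffic with a small `cache_size` shows how eviction pushes repeat visits back out to the external databases.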
Chapter 6: Security Mechanisms