|Automatically detect and inspect the protocol||If this protocol has been enabled, it will automatically be used for discovering corresponding packets in filter rules.|
Search engine options
|Enable search engine filter (Safesearch)||This mechanism excludes websites, documents or images that are explicitly inappropriate or undesirable from the results of web searches conducted on the main search engines (Google, Bing, Yahoo).|
YouTube content restriction
|In this field, the type of restriction to be placed on results of video searches on the YouTube platform can be selected:
|Google services and accounts allowed
|This option allows restricting access to Google services and accounts by entering only authorized domains in this list.
Enter the domain with which you have signed up to Google Apps, as well as any secondary domains you might have added to it. Users accessing Google services from an unauthorized account will be redirected to a Google block page.
This option works as follows: the firewall intercepts SSL traffic toward Google and adds the HTTP header “X-GoogApps-Allowed-Domains” to it, the value of which is the comma-separated list of authorized domain names. For more information, please refer to the following link:
|Inspect HTML code||Any page containing HTML content that is likely to be malicious will be blocked.|
|Max. length for a HTML attribute (Bytes)||Maximum number of bytes for an attribute of an HTML tag (Min: 128; Max: 65536).|
|Automatically delete malicious content||Instead of prohibiting the TCP connection, the scan will erase the malicious content (e.g. attribute, HTML marker) and allow the rest of the HTML page to pass through.
EXAMPLE OF MALICIOUS BEHAVIOR
|Enable on-the-fly data decompression||When HTTP servers present compressed pages, enabling this option will allow decompressing data and inspecting it as and when it passes through the firewall. Since no data will be rewritten, this operation will not cause any additional delay.
List of exceptions to the automatic deletion of malicious code (User-Agent)
This list displays the browsers and their data, which will not be automatically deleted by the option described above. Elements can be added to or deleted from this list by clicking the Add or Delete buttons.
|Verify user legitimacy||If this option is selected, you will be enabling user authentication via the HTTP "Authorization" header. The HTTP plugin will therefore be capable of extracting the user and comparing it against the list of users authenticated on the firewall.
When no authenticated users match, the packet will be blocked.
URL: maximum size of elements (in bytes)
Imposing a maximum size on elements (in bytes) helps counter buffer overflow attacks.
|URL (domain+path)||Maximum size of a URL, domain name and path inclusive [128 – 4096 bytes]|
|Per parameter (after the '?' [argument])||Maximum size of a parameter in a URL [128 – 4096 bytes]|
|Full query (URL + parameters)||Maximum number of bytes for the full query: http://URLBuffer?QueryBuffer [128 – 4096 bytes]|
|Max. nb of parameters (after '?')||Maximum number of parameters in a URL (Min: 0; Max: 512).|
HTTP headers: maximum size of elements (in bytes)
|Number of lines per client request||Maximum number of lines (or headers) that a request can contain, from the client to the server (Min: 16; Max: 512).|
|Number of ranges per client request||Maximum number of ranges that a response can contain, from the server to the client (Min: 0; Max: 1024).|
|Number of lines per server response||Maximum number of lines (or headers) that a response can contain, from the server to the client (Min: 16; Max: 512).|
Maximum size of HTTP headers (in bytes)
|AUTHORIZATION field||Maximum number of bytes for the AUTHORIZATION field, including formatting attributes. (Min: 128; Max: 4096).|
|CONTENTTYPE field||Maximum number of bytes for the CONTENTTYPE field, including formatting attributes. (Min: 128; Max: 4096).|
|HOST field||Maximum number of bytes for the HOST field, including formatting attributes. (Min: 128; Max: 4096).|
|COOKIE field||Maximum number of bytes for the COOKIE field, including formatting attributes. (Min: 128; Max: 8192).|
|Other fields||Maximum number of bytes for other fields, including formatting attributes. (Min: 128; Max: 4096).|
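
The URL and header limits listed above can be pictured as one pass over the head of a client request. The following is an added example, not the firewall's own code: the limit values are assumptions picked inside the documented ranges, and how each size is measured (host plus path for the URL, the whole header line for a field) is also an assumption.

```python
# Assumed limits, picked inside the ranges documented above (not product defaults).
LIMITS = {
    "url": 1024,         # URL (domain+path): 128-4096
    "param": 512,        # per parameter: 128-4096
    "query": 2048,       # full query (URL + parameters): 128-4096
    "max_params": 64,    # parameters after '?': 0-512
    "header_lines": 64,  # lines per client request: 16-512
}
# Per-field byte caps; headers not named here fall under "other".
FIELD_LIMITS = {"authorization": 1024, "content-type": 256, "host": 256,
                "cookie": 4096, "other": 1024}


def check_request(raw: bytes, limits=LIMITS, field_limits=FIELD_LIMITS):
    """Return the names of the limits that a raw HTTP/1.x request head exceeds."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split(b"\r\n")
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return ["malformed request line"]
    headers = []
    for line in header_lines:
        name, sep, value = line.partition(b":")
        if not sep:
            return ["malformed header line"]
        # Assumption: the field size counts the whole line (name, colon, value).
        headers.append((name.strip().lower().decode("latin-1"), value.strip(), len(line)))
    host = next((v for n, v, _ in headers if n == "host"), b"")
    path, _, query = parts[1].partition(b"?")
    params = [p for p in query.split(b"&") if p]
    found = []
    if len(host) + len(path) > limits["url"]:
        found.append("url")
    if any(len(p) > limits["param"] for p in params):
        found.append("param")
    if len(host) + len(parts[1]) > limits["query"]:
        found.append("query")
    if len(params) > limits["max_params"]:
        found.append("max_params")
    if len(header_lines) > limits["header_lines"]:
        found.append("header_lines")
    for name, _, size in headers:
        if size > field_limits.get(name, field_limits["other"]):
            found.append("field:" + name)
    return found


# Constructed sample: one 602-byte parameter and a 300-byte Host header line.
SAMPLE = (b"GET /search?q=" + b"A" * 600 + b"&lang=en HTTP/1.1\r\n"
          b"Host: " + b"h" * 294 + b"\r\nCookie: sid=abc\r\n\r\n")
```

Calling `check_request(SAMPLE)` reports the oversized parameter and the oversized HOST field, while the same request with normal sizes returns an empty list.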
HTTP session parameters (in seconds)
|Maximum request duration||Set to 30 seconds by default (Max: 600 seconds).|
HTTP protocol extensions
|Allow Shoutcast support||This option allows transporting sound over HTTP.
|Allow WebDAV connections (reading and writing)||This option allows adding writing and locking features to HTTP, and also allows securing HTTPS connections more easily.|
Allowed HTTP commands
List of allowed HTTP commands (in CSV format). All commands included may not exceed 126 characters. It is possible to Add or Delete commands using the respective buttons.
Prohibited HTTP commands
List of prohibited HTTP commands (in CSV format). All commands included may not exceed 126 characters. It is possible to Add or Delete commands using the respective buttons.
|Disable intrusion prevention||When this option is selected, the scan of the HTTP protocol will be disabled and traffic will be authorized if the filter policy allows it.|
|Log each HTTP request||Enables or disables the logging of POP3 requests.|