IPS tab
| Automatically detect and inspect the protocol | If this protocol is enabled, the inspection function will automatically apply to discover corresponding traffic that filter rules allow. |
Search engine options
| Enable search engine filter (Safesearch) | This mechanism allows excluding websites, documents or images that are explicitly inappropriate or undesirable from the results of web searches conducted on the main search engines (Google, Bing, Yahoo) |
|
YouTube content restriction |
In this field, the type of restriction to be placed on results of video searches on the YouTube platform can be selected:
|
| Google services and accounts allowed
|
This option restricts access to Google services and accounts by entering only allowed domains in this list. Enter the domain with which you have signed up to Google Apps, as well as any secondary domains you might have added to it. Users accessing Google services from unauthorized accounts will be redirected to a Google block page. The way this option works is the firewall intercepts SSL traffic toward Google and adds the HTTP header “X-GoogApps-Allowed-Domains” to it, the value of which is the list of allowed domain names, separated by commas. For more information, please refer to the following link: FR https://support.google.com/a/answer/1668854?hl=fr EN https://support.google.com/a/answer/1668854?hl=en NOTE |
HTML/JavaScript analyses
| Inspect HTML code | Any page containing HTML content that is likely to be malicious will be blocked. |
| Max. length for a HTML tag (Bytes) | Maximum number of bytes for an attribute of a HTML tag (Min: 128; Max: 65536). |
| Inspect JavaScript code | In order to prevent malicious content from damaging dynamic and interactive web pages that use JavaScript programming, a scan will be conducted in order to detect them. In the same way as for the option Inspect HTML code, if this option is selected, a page containing JavaScript content that is likely to be malicious will be blocked. |
| Automatically delete malicious content | Instead of prohibiting the TCP connection, the scan will erase the malicious content (e.g. attribute, HTML marker) and allow the rest of the HTML page to pass through. EXAMPLE OF MALICIOUS BEHAVIOR NOTE |
| Enable on-the-fly data decompression | When HTTP servers present compressed pages, enabling this option will allow decompressing data and inspecting it as and when it passes through the firewall. Since no data will be rewritten, this operation will not cause any additional delay. NOTE |
List of exceptions to the automatic deletion of malicious code (User-Agent)
This list displays the browsers and their data, which will not be automatically deleted by the earlier option mentioned above. It is possible to Add or Delete elements to or from this list by clicking on the relevant buttons.
Authentication
| Verify user legitimacy | If this option is selected, you will be enabling user authentication via the HTTP "Authorization" header. The HTTP plugin will therefore be capable of extracting the user and comparing it against the list of users authenticated on the firewall. When no authenticated users match, the packet will be blocked. |
Advanced properties
URL: maximum size of elements (in bytes)
Imposing a maximum size for elements (in bytes) allows countering buffer overflow attacks.
| URL (domain+path) | Maximum size of a URL, domain name and path inclusive [128 – 4096 bytes] |
|
Per parameter (after the '?' [argument]) |
Maximum size of a parameter in a URL [128 – 4096 (bytes)] |
| Full query (URL + parameters) | Maximum number of bytes for the full query: http://URLBuffer ?QueryBuffer [128 – 4096] (bytes)] |
URL
| Max. nb of parameters (after '?') | Maximum number of parameters in a URL (Min: 0; Max: 512). |
HTTP headers: maximum size of elements (in bytes)
| Number of lines per client request | Maximum number of lines (or headers) that a request can contain, from the client to the server (Min:16; Max: 512). |
| Number of ranges per client request | Maximum number of ranges that a response can contain, from the server to the client (Min: 0; Max: 1024). |
| Number of lines per server response | Maximum number of lines (or headers) that a response can contain, from the server to the client (Min: 16; Max: 512). |
Maximum size of HTTP headers (in Bytes)
| AUTHORIZATION field | Maximum number of bytes for the AUTHORIZATION field, including formatting attributes. (Min: 128; Max: 4096). |
| CONTENTTYPE field | Maximum number of bytes for the CONTENTTYPE field, including formatting attributes. (Min: 128; Max: 4096). |
| HOST field | Maximum number of bytes for the HOST field, including formatting attributes. (Min: 128; Max: 4096). |
| COOKIE field | Maximum number of bytes for the COOKIE field, including formatting attributes. (Min: 128; Max: 8192). |
| Other fields | Maximum number of bytes for others field, including formatting attributes. (Min: 128; Max: 4096). |
| Authorization (NTLM) field | Maximum number of bytes for the AUTHORIZATION (NTLM) field, including formatting attributes. (Min: 128; Max: 4096). |
| Content-Security-Policy field | Maximum number of bytes for the Content-Security-Policy field, including formatting attributes. (Min: 128; Max: 65535). |
HTTP session parameters (in seconds)
| Maximum request duration | Set to 30 seconds by default (Max: 600 seconds). |
HTTP protocol extensions
| Allow Shoutcast support | This option allows transporting sound over HTTP. EXAMPLES |
| Allow WebDAV connections (reading and writing) | This option allows adding writing and locking features to HTTP, and also allows securing HTTPS connections more easily. |
Allowed HTTP commands
List of allowed HTTP commands (in CSV format). All commands included may not exceed 126 characters. It is possible to Add or Delete commands using the respective buttons.
Prohibited HTTP commands
List of prohibited HTTP commands (in CSV format). All commands included may not exceed 126 characters. It is possible to Add or Delete commands using the respective buttons.
Support
| Disable intrusion prevention | When this option is selected, the scan of the HTTP protocol will be disabled and traffic will be authorized if the filter policy allows it |
| Log every HTTP query | Enables or disables the logging of POP3 requests. |