Scenario
You would like to block access to certain web pages. If you wanted to block access to a specific web server, you could specify the corresponding IP address, but what if you want to block access to a collection of related web pages that may not correspond to a single server?
IPNetSentryX's URL Keyword feature allows you to specify web pages by matching keywords in the referring URL.
Example 1
Suppose you wanted to block access to a set of web pages about the Apple Music Store. You notice that such pages have URLs of the form:
- http://www.apple.com/music/store/
You could specify a set of rules like this:
You can now access most of Apple's web site normally, but when you hit pages with "/music/store/" in the URL, your web browser will display an image similar to the following:
Notice by matching with the relationship "a=A", we can match upper or lower case letters.
I picked "/music/store/" as a harmless example to demonstrate the concept. You might choose URLs with the keyword "xxx", or keywords for servers that supply website advertising images.
Example 2
Suppose you wanted to restrict access to a specific collection of web sites and block all others. A public student terminal might allow access only to web sites from the ".edu" top level domain for example.
If you just blocked all HTTP traffic that didn't contain the URL keyword ".edu" that would be too much because many packets are not URL references. So you need to first separate packets that are URL references, and then check for URL keyword ".edu". Using the TCP Dump tool (with TCP Flow selected) shows a typical web page access looks like this:
So we might first search for packets to port 80 (HTTP) with the keyword "GET" in the first few bytes, and then block requests that do not have URL keyword ".edu" .
Preliminary testing shows ".edu" web sites come up normally, while others are blocked by IPNetSentry.
Key Features
IPNetSentryX's URL keyword matching feature can restrict web access to a collection of related web sites or pages that don't easily correspond with any server address.
Blocked web pages are indicated explicity in the users web browser.
The tools included with IPNetSentryX can be used to examine network traffic to identify packet characteristics for filtering.
IPNetSentryX supports flexible text matching for data content filtering. The basic format is [<offset>:<length>:<terminating_character>]<match_string>. You can also specify relative offsets (+/-) from the start of the previously matched text.
Please send questions, comments, or suggestions using our general requests form:
http://www.sustworks.com/site/sup_questions.html
Top
Back to IPNetSentryX Application Notes
|