Active Wall Professional v2.0.2007.1212 released

Active Wall news & updates. (Read Only)

Active Wall Professional v2.0.2007.1212 released

Postby admin » Thu Dec 13, 2007 6:32 am

Download: http://download.lanctrl.com/en/awalltrial.msi

Active Wall Professional includes the following plugins:
Authorization,Time Filter,Port Filter,Bandwidth Control,Show Flux,MAC Filter,IP Filter,DNS Filter,HTTP Filter,SMTP Filter,POP3 Filter,IM Filter,FTP Filter,HTTPS Filter,Redirect Proxy,Log to Files,Log to Database,Log to Mail,Log to Message.
admin
Site Admin
 
Posts: 386
Joined: Wed Dec 31, 1969 4:00 pm

New plugin HTTPS Filter released

Postby admin » Thu Dec 13, 2007 6:42 am

New plugin HTTPS Filter released

5.14. HTTPS Filter
The HTTPS filter module is used for filtering HTTP over SSL, including IP address, net address, server side certificate, SSL version and so on. Following shows a [HTTPS Filter Config] dialog:

Image

Operation instruction:

    1. Select a group which you want to configure in list [Group].
    2. Fill the edit blanks, select a policy, and then press <Add>.
    3. Select an item in the list, press <Up> or <Down> to adjust the order of the filters.
    4. Select an item in the list, right click the mouse and press [Delete] in the popup menu to delete the item.
    5. Add IP filtering: select [IP] tab, input IP address, select a policy and then press <Add>.
    6. Add subnet filtering: select [Net] tab, input a network number and a length of mask, select a policy, and then press <Add>.
    7. [Cert]: in the [Cert] tab, input a certificate into [Cert] blank, select a policy, and then press <Add>. When the computers in this group visit a server which certificate matches this item, the policy will be applied. [Cert] filter applies wildcard match.
    8. [Deny https proxy tunnel]: When selecting this option, it will ban the users from using https tunnel. Only the standard HTTPS protocol can pass through.
    9. [Deny server without certificate]: When selecting this option, it will ban the users from visiting a server which use the standard SSL protocol but has no certificate.
    10. [Disable SSL 2.0]: When selecting this option, it will ban the users from using SSL version 2.0 protocol.
    11. [Disable SSL 3.0]: When selecting this option, it will ban the users from using SSL version 3.0 protocol.
    12. [Disable TLS 1.0]: When selecting this option, it will ban the users from using TLS version 1.0 protocol.
    13. Press <OK> or <Cancel>.
Additional instruction:

    1. [Subnet]: CIDR network prefix presentation (RFC 1878) is used for recording IP address. For example, a network address 210.31.233.0, with its mask 255.255.255.0, can be recorded as 210.31.233.0/24; a network address 166.133.0.0, with its mask 255.255.0.0, can be recorded as 166.133.0.0/16; a network address 192.168.0.0, with its mask 255.255.255.240, can be recorded as 192.168.0.0/28, etc.
    2. The order of IP/Net filtering is from narrow to wide range. For example, IP "61.141.238.1" policy is "Pass", and subnet "61.141.238.0/24" policy is "Deny", which means that the only IP "61.141.238.1" can be passed in the subnet "61.141.238.0/24", all the other IP addresses are denied.
    3. [Cert] filters are running in the order of top-down and apply wildcard match. For example, in the first policy (certificate is "*.paypal.*", policy is "Deny"), in the second policy (certificate is "*", policy is "Pass Record"), it means all the servers which certificate match "*.paypal.*" will be denied, and the other servers will be passed and recorded.


Tip: Since HTTPS is the most common protocol on the Internet, many software go through HTTPS tunneling to contact with outside in order to transpierce a firewall. Please enable the option [Deny https proxy tunnel] and [Deny server without certificate] to deny https tunnel.
admin
Site Admin
 
Posts: 386
Joined: Wed Dec 31, 1969 4:00 pm


Return to Announcements

Who is online

Users browsing this forum: No registered users and 1 guest

cron