Filtering URLs
It is possible to use access lists to permit or deny access to specific Web sites, but
if the list of sites grows long, this solution will affect firewall performance. In
addition, access lists do not provide a flexible way of controlling access in this
case; it is not possible, for example, to permit or deny access to specific pages on a
Web site, only to the entire site identified by its IP address. Access lists will also
not work for Web sites that are virtually hosted; in this case, there are many Web
sites located on the same server and all of them have the same IP address, so it is
only possible to deny or permit access to all of them at the same time.
As stated, one common solution moves most of the work to a dedicated URL
filtering server, offloading the PIX's CPU and allowing for fine-tuning of Web
access controls. The sequence of events is as follows:
1. A client establishes a TCP connection to a Web server.
2. The client sends an HTTP request for a page on this server.
3. The PIX intercepts this request and hands it over to the filtering server.
4. The filtering server decides if the client should be allowed access to the
requested page.
5. If the decision is positive, the PIX forwards the request to the server and
the client receives the requested content.
6. If the decision is negative, the client's request is dropped.
Figure 4.9 demonstrates this process.
Interaction Among a Client, a Web Server, PIX, and a Filtering Server
[Figure: the client sends "GET /goodpage.html HTTP/1.1, Host: www.company.com"; the filtering server is asked "Permit?" and answers "Yes"; the same GET request is then passed on to the Web server, labelled www.mycompany.com.]
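
The sketch below is an added example, not code from the book or from Cisco. It contrasts an IP-keyed access list with the per-URL decision a filtering server makes in the sequence above. The shared address 192.0.2.10, the second host blog.example.org, the rule table and the default-deny choice are all constructed assumptions; only the /goodpage.html request comes from the figure.

```python
# Added example; addresses, second host and rules are constructed.
DNS = {"www.company.com": "192.0.2.10", "blog.example.org": "192.0.2.10"}
DENIED_IPS = {"192.0.2.10"}          # access list: keyed on destination IP only
URL_RULES = [                        # filtering server: (host, path prefix, permit?)
    ("www.company.com", "/", True),
    ("www.company.com", "/badpage", False),
    ("blog.example.org", "/", False),
]
GOOD = b"GET /goodpage.html HTTP/1.1\r\nHost: www.company.com\r\n\r\n"
BAD = b"GET /badpage.html HTTP/1.1\r\nHost: www.company.com\r\n\r\n"
BLOG = b"GET /index.html HTTP/1.1\r\nHost: blog.example.org\r\n\r\n"
NO_HOST = b"GET /goodpage.html HTTP/1.0\r\n\r\n"


def parse_request(raw: bytes):
    """Extract (host, path) from the request the firewall intercepts."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return "", ""                # malformed request line: no usable URL
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "").split(":")[0].lower()
    return host, parts[1].split("?", 1)[0]


def acl_permits(dst_ip: str) -> bool:
    """IP access list: one verdict for every site on the address."""
    return dst_ip not in DENIED_IPS


def filter_permits(host: str, path: str) -> bool:
    """Filtering-server decision: longest matching prefix wins, default deny."""
    matches = [(len(p), ok) for h, p, ok in URL_RULES
               if h == host and path.startswith(p)]
    return max(matches)[1] if matches else False


def pix_handle(raw: bytes) -> str:
    """Intercept the request, ask the filter, then forward or drop it."""
    host, path = parse_request(raw)
    return "forward" if filter_permits(host, path) else "drop"


if __name__ == "__main__":
    for name, req in [("GOOD", GOOD), ("BAD", BAD), ("BLOG", BLOG), ("NO_HOST", NO_HOST)]:
        print(name, pix_handle(req))
```

The access list gives both virtual hosts the same verdict because they resolve to one address, while the URL rules separate two pages on the same host and drop a request that carries no Host header.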