Adding a proxy service for HTTP

Most network administrators use the HTTP proxy service when configuring Web traffic. Many administrators combine their HTTP service with an outgoing proxy service configured Any to Any to keep the HTTP service both easy to understand and control. In the following procedure, you define the content allowed to pass through the firewall.

  1. In Policy Manager, click the Add Service icon. Expand the Proxies folder, double-click HTTP, and then click OK.
    The HTTP Properties dialog box appears. The default stance is to deny incoming traffic and to allow outgoing traffic from Any to Any.
  2. Use the Incoming HTTP connections are drop list to select Enabled and Allowed.
  3. Configure the service as you want. For example, to configure the HTTP proxy to allow incoming traffic from Any to the optional network, click Add beneath the To list. In the Add Address dialog box, add the optional Firebox group. Click OK.
  4. Click the Properties tab. Click Settings.
  5. On the Settings tab, enable HTTP proxy properties according to your security policy preferences.
  6. If you are using the HTTP proxy service because you want to use WebBlocker, see Controlling Web Site Access.
    For a description of each control, right-click it and then select What's This?, or refer to the Field Definitions chapter in the Reference Guide.

 

 Restricting content types for the HTTP proxy

You can configure the HTTP proxy to allow only those MIME types you decide are acceptable security risks. On the Safe Content tab:

  1. To specify that you want to restrict content types that can pass through the HTTP proxy, enable the checkbox marked Allow only safe content types.
  2. If you want to specify content types to allow, click the upper Add button in the dialog box.
    The Select MIME Type dialog box appears.
  3. Select a MIME type. Click OK.
  4. To create a new MIME type, click New Type. Enter the MIME type and description. Click OK.
    The new type appears at the bottom of the Content Types drop list. Repeat this process for each content type. For a list of MIME content types, see the Reference Guide.
  5. If you want to specify unsafe path patterns to block, enter a path pattern in the box to the left of the Add button. Click Add.
    Only the path is filtered, not the host name. For example, with the Web site www.testsite.com/login/here/index.html, only the elements /login/ and /here/ can be added to the unsafe path patterns box, not *testsite*.

 

If you want to disable content type filtering, click the Settings tab. Disable the checkbox marked Require Content Type.
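
The following Python sketch models the two Safe Content checks described above. It is an added example, not WatchGuard code. The matching semantics (substring match for patterns without wildcards, denial when the Content-Type header is missing) are assumptions, and the policy values are constructed samples.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed sample policy; illustrative values, not Firebox defaults.
SAFE_TYPES = {"text/html", "text/plain", "image/gif", "image/jpeg"}
UNSAFE_PATHS = ["/login/", "*testsite*"]  # second entry is a host-style pattern

def media_type(header):
    """Return the bare lowercase type/subtype of a Content-Type header, or None."""
    if not header:
        return None
    # Drop parameters such as "; charset=UTF-8" before comparing.
    value = header.split(";", 1)[0].strip().lower()
    return value if value.count("/") == 1 and " " not in value else None

def path_blocked(url, patterns=UNSAFE_PATHS):
    """Match patterns against the URL path only; the host name never takes part."""
    path = urlsplit(url).path or "/"
    for pattern in patterns:
        # Assumption: a pattern without "*" matches anywhere inside the path.
        glob = pattern if "*" in pattern else f"*{pattern}*"
        if fnmatchcase(path, glob):
            return True
    return False

def decide(url, content_type, filter_types=True):
    """Return (allowed, reason). filter_types=False models content type
    filtering being switched off, so only the path check applies."""
    if path_blocked(url):
        return False, "unsafe path pattern"
    if filter_types:
        mt = media_type(content_type)
        if mt is None:
            return False, "missing or malformed Content-Type"
        if mt not in SAFE_TYPES:
            return False, f"content type {mt} not in safe list"
    return True, "allowed"

if __name__ == "__main__":
    for url, ctype in [
        ("http://www.testsite.com/login/here/index.html", "text/html"),
        ("http://www.testsite.com/index.html", "Text/HTML; charset=UTF-8"),
        ("http://www.example.com/tools/a.zip", "application/zip"),
    ]:
        print(url, ctype, decide(url, ctype))
```

In this model the `*testsite*` entry blocks nothing on www.testsite.com unless the string also appears in the path, which is why host names do not belong in the unsafe path patterns box.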


Note: Zip files are denied when you deny Java or ActiveX applets, because Zip files often contain these applets.


 

Related topics:

Selecting an HTTP Service

Configuring a caching proxy server

Incoming service guidelines

Outgoing service guidelines

Configurable parameters for services

Defining Firebox Users and Groups for Authentication

 

 

 


Copyright © 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.