What are HTTP and the HTTP Proxy?

HTTP (Hypertext Transfer Protocol) is a protocol for sending and displaying files (text, graphic images, sound, video, and other multimedia files) on the Internet. The HTTP Proxy is a high performance content filter. It examines Web traffic to identify suspicious content, which can be a spyware, malformed content, or another type of attack. It can also protect your Web server from attacks from the external network using protocol anomaly detection rules to identify and deny suspicious packets.

You can configure the HTTP Proxy to:

• Only allow content that matches RFC specifications for Web server and clients
• Restrict the content the Firebox allows into your network, based upon fully a qualified domain name, path name, file name or extension as it appears in the URL.
• Restrict the content the Firebox allows into your network based upon MIME type.
• Block downloads of any unique file type, including client-side executable files like Java and ActiveX, by file header (hexadecimal signature) pattern match.
• Examine the HTTP header to make sure it is not from a known source of suspicious content

The HTTP proxy operates between the sending Web server and your receiving Web client. It processes the HTTP protocol line-by-line for any potentially harmful content before sending it to an internal Web client. It also acts as a buffer between your Web server and potentially harmful Web clients by enforcing HTTP RFC compliance and preventing potential buffer overflow attacks.

When you add an HTTP proxy policy to your Firebox configuration, you get access to two proxy actions that are included with the product: an HTTP server ruleset template and an HTTP client ruleset template. You can use these rulesets without changing them or you can use the rulesets as a base for a ruleset to meet the needs of your organization. This module shows you how to customize the rulesets in these two proxy actions.

HTTP-Client
    The HTTP-Client proxy action is configured to give comprehensive protection to your network from the content your trusted users download from Web servers. An optional extension to the HTTP-Proxy (WebBlocker) is available to control the categories of Web sites trusted users are allowed to browse to at different times of the day.

HTTP-Server
    The HTTP-Server proxy action is configured by default to allow most HTTP connections through to your public Web server, but stop any attempts to put files on your Web server or delete files from your Web server.

Return to Top

Copyright © 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.
Legal Notice/Terms of Use