12.3  Global rules for Web elements

In WinRoute you can also block certain features contained in HTML pages. Typical undesirable items are ActiveX objects (they might enable starting of applications on client hosts) and pop-up windows (automatically opened browser windows, usually used for advert purposes).

To define content global filtering rules go to the Content Rules tab in the Configuration → Content Filtering → HTTP Policy section. Special settings for individual pages can be defined in URL Rules section (refer to chapter 12.2  URL Rules).

Settings on the WWW content scanning options tab are applied to traffic of hosts where users are not authenticated. Special settings are used for users connected through the firewall.

Each authenticated user can customize filtering rules at the user preferences page (see Kerio WinRoute Firewall — User's Guide). However, users that are not allowed to override WWW content rules (refer to chapter 15.1  Viewing and definitions of user accounts) cannot permit HTML features that are denied globally.

Global rules for Web elements

Figure 12.6. Global rules for Web elements


Allow HTML ActiveX objects

Active objects at web pages.

This option allows/blocks <object> and <embed> HTML tags.

Allow <Script> HTML tags

HTML <script> tags — commands of scripting languages, such as JavaScript, VBScript, etc.

Allow HTML JavaScript pop-up windows

Automatic opening of new browser windows — usually pop-up windows with advertisements.

This option enables/blocks the window.open() method in scripts

Allow <applet> HTML tags

HTML <applet> tags (Java Applet)

Allow cross-domain referer

This option enables/disables the Referer item included in an HTTP header.

The Referer item includes pages that have been viewed prior to the current page. If the Allow inter-domain referer is off, Referer items that include a server name different from the current HTTP request will be blocked.

The Cross-domain referer function protects users' privacy (the Referer item can be monitored to see which pages are opened by each user).