See also: Irbis Firewall Overview
Irbis Firewall embedded HTTP-proxy server can be used to control access to WWW. Configuration wizard will help you to configure this Irbis Firewall subsystem easy. Current version of Irbis Firewall supports following features:
When properly configured browser sends request, Irbis Firewall embedded proxy server takes it and checks it for the conditions to determine is requester allowed to get this document. If requester is allowed to get the document, Irbis Firewall creates new request and gets document from server, and delivers document to requester. While working Irbis Firewall uses access control lists and access control expressions.
Access control lists are virtually named conditions. This means that any access control list is a condition, and it should have a unique name. Each request may satisfy or not satisfy to a single access control list. E.g. if an access list is based on a client IP address, then a request from the computer with this IP-address is accepted by this access control list, and all other requests are not.
Access control expression is a set of one or more access control lists and an action to perform on request if it is accepted by each of these lists. Each access control list in the expression may have an inversion flag. The expression becomes true if the request is accepted by all the lists, which have no inversion flags set, or if the request is not accepted by all the lists, which have the inversion flags set.
Take a look at the example:
The action defined for this access control expression takes place if a request comes from the computer with IP-address from the subnet 192.168.0.0/255.255.255.0 and requested document name does not contain a .gif substring
Irbis Firewall proxy server supports three kinds of actions: