manualshive.com logo in svg

H3C SecPath Series, Command Reference Manual

Looking to secure your network? Look no further than the H3C SecPath Series. Enhance your network protection with our state-of-the-art firewall solutions. To get started, simply visit our website and download the free Operation Manual. Empower your network security with H3C SecPath Series. Download your manual from manualshive.com.

Share
Download
background image

 

16

 

standalone 

webfilter

 like 

www.webfilter.com

; it does not match website addresses like 

www.webfilter-china.com

 

A filtering entry with neither “^” at the beginning nor “$” at the end indicates a fuzzy match, and 
matches website addresses containing the keyword. 

 

If “*” is present at the beginning of a filtering entry, it must be present in the format like 

*.xxx

, where 

xxx represents a keyword, for example, 

*.com

 or 

*.webfilter.com

 

A filtering entry with only numerals is invalid. To filter a website address like 

www.123.com

, you can 

define a filtering entry like 

^123$

www.123.com

, or 

123.com

, instead of 

123

. In other words, use 

exact match to filter numeral website addresses. 

Description 

Use the 

firewall http url-filter host url-address 

command to add a URL address filtering entry and set the 

filtering action. 
Use the 

undo firewall http url-filter host url-address 

command to remove one or all URL address filtering 

entries. 
The firewall supports a maximum of 256 URL address filtering entries.  
You can change the filtering action for an existing filtering entry, for example, from deny to permit. 
Related commands: 

display firewall http url-filter host

Examples 

# Add filtering entry 

^china&

 to the URL address filtering entry list and set the filtering action to permit. 

<Sysname> system-view 

[Sysname] firewall http url-filter host url-address permit ^china& 

firewall http url-filter parameter 

Syntax 

firewall http url-filter parameter 

{

 default 

|

 keywords 

keywords 

undo firewall http url-filter parameter

 [ 

default 

|

 keywords 

keywords 

View 

System view 

Default level 

2: System level 

Parameters 

default

: Specifies to use the default parameter filtering entries, including: 

^select$

^insert$

^update$

^delete$

^drop$

--

,

 '

,

 ^exec$

, and 

%27

keywords 

keywords

:

 

Specifies to use a user-defined parameter filtering entry. The 

keywords

 argument is 

a case-insensitive string of 1 to 80 characters. Valid characters include numerals, English letters, 

wildcards (‘^’, ‘$’, ‘&’ and ‘*’), and other ASCII characters with values in the range 31 to 127.A filtering 
entry can be a string with spaces, but such an entry must be present in quotes, for example, “

select all”

One space in a filtering entry can match multiple consecutive spaces in a URL parameter of an HTTP 

request. For meanings of the wildcards, see 

Table 7

Summary of Contents for SecPath Series

Page 1: ...High End Firewalls Attack Protection Command Reference Hangzhou H3C Technologies Co Ltd http www h3c com Software version SECPATH1000FE SECBLADEII CMW520 R3166 SECPATH5000FA CMW520 R3206 Document vers...

Page 2: ...ware Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are th...

Page 3: ...mand conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual value...

Page 4: ...ot understood or followed can result in personal injury CAUTION An alert that calls attention to important information that if not understood or followed can result in data loss data corruption or dam...

Page 5: ...s Configuration examples Describe typical network scenarios and provide configuration examples and instructions Operations and maintenance Software upgrade guide Describes the software upgrade procedu...

Page 6: ...Technical support service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Page 7: ...l http activex blocking suffix 9 firewall http java blocking acl 9 firewall http java blocking enable 10 firewall http java blocking suffix 11 firewall http url filter host acl 11 firewall http url fi...

Page 8: ...estricted by the number of static ARP entries that the firewall supports As a result the firewall may fail to change all dynamic ARP entries into static Suppose that the number of dynamic ARP entries...

Page 9: ...primary IP address of the interface resides for neighbors The start IP address and end IP address must be on the same network as the primary IP address or manually configured secondary IP addresses o...

Page 10: ...of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z verbose Specifies detailed information Description Use the display firewall http activex blocking comma...

Page 11: ...keywords Specifies a blocking suffix keyword It is a string of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z verbose Specifies detailed information Des...

Page 12: ...ring keywords item keywords Specifies a filtering keyword The keywords argument is a case insensitive string of 1 to 80 characters Valid characters include 0 to 9 a to z A to Z dot hyphen underline _...

Page 13: ...eny No ACL group has been configured URL filter host has loaded file cfa0 urlfilter There are 10 packet s being filtered There are 0 packet s being passed Table 4 Output description Field Description...

Page 14: ...cket including select had been matched for 10 times Display URL parameter filtering information about all keywords Sysname display firewall http url filter parameter all SN Match Times Keywords 1 0 se...

Page 15: ...requests containing any suffix keywords in the ActiveX blocking suffix list will be processed according to the ACL You can specify multiple ACLs for ActiveX blocking but only the last one takes effec...

Page 16: ...level Parameters keywords Blocking suffix keyword a case insensitive string of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z Description Use the firewal...

Page 17: ...ocking based on the ACL takes effect only after you create and configure the ACL correctly Related commands display firewall http java blocking Examples Specify the ACL for Java blocking as ACL 2002 S...

Page 18: ...va blocking suffix command to add a Java blocking suffix keyword to the Java blocking suffix list Use the undo firewall http java blocking suffix command to remove a Java blocking suffix keyword from...

Page 19: ...host Examples Specify URL address filtering to permit Web requests with website IP addresses permitted by ACL 2000 Sysname system view Sysname acl number 2000 Sysname acl basic 2000 rule 0 permit sour...

Page 20: ...ter host Examples Enable the URL address filtering function Sysname system view Sysname firewall http url filter host enable firewall http url filter host ip address Syntax firewall http url filter ho...

Page 21: ...he file storing the filtering entries The name must contain the file path Description Use the firewall http url filter host load command to configure the firewall to load a specified URL address filte...

Page 22: ...ldcard Meaning Usage guidelines Matches website addresses starting with the keyword It can be present once at the beginning of a filtering entry Matches website addresses ending with the keyword It ca...

Page 23: ...on for an existing filtering entry for example from deny to permit Related commands display firewall http url filter host Examples Add filtering entry china to the URL address filtering entry list and...

Page 24: ...he URL parameter filtering entry list Use the undo firewall http url filter parameter command to remove URL parameter filtering entries from the list If no parameters are specified the undo firewall h...

Page 25: ...url filter parameter load View System view Default level 2 System level Parameters file name Name of the file storing the parameter filtering entries The name must contain the file path Description U...

Page 26: ...er reset firewall http Syntax reset firewall http activex blocking java blocking url filter host url filter parameter counter View User view Default level 1 Monitor level Parameters activex blocking S...

Page 27: ...9 firewall http java blocking enable 10 firewall http java blocking suffix 1 1 firewall http url filter host acl 1 1 firewall http url filter host default 12 firewall http url filter host enable 13 f...

Reviews:

No comments

Related manuals for SecPath Series

Abocom BM200 Specification Sheet preview
BM200
Brand: Abocom Pages: 3
Swisscom Internet Backup Manual preview
Internet Backup
Brand: Swisscom Pages: 2
Draytek VigorPro 5510 Series User Manual preview
VigorPro 5510 Series
Brand: Draytek Pages: 316
Infoblox Infoblox-250-A Installation Manual preview
Infoblox-250-A
Brand: Infoblox Pages: 16
HotBrick VPN 800 User Manual preview
VPN 800
Brand: HotBrick Pages: 89
Sonnet TANGO Quick Start Manual preview
TANGO
Brand: Sonnet Pages: 6
3Com X5 Soecifications preview
X5
Brand: 3Com Pages: 8
ZyXEL Communications Unified Security Gateway ZyWALL 300 Specifications preview
Unified Security Gateway ZyWALL 300
Brand: ZyXEL Communications Pages: 4
Dell 9200 Owner'S Manual preview
9200
Brand: Dell Pages: 174
Dell 9200 Service Manual preview
9200
Brand: Dell Pages: 115
Fortinet FortiGate FortiGate-ADM-XB2 Quick Start Manual preview
FortiGate FortiGate-ADM-XB2
Brand: Fortinet Pages: 1
Fortinet FortiGate FortiGate-5003 Quick Start Manual preview
FortiGate FortiGate-5003
Brand: Fortinet Pages: 2
Fortinet FortiGate 50R Installation And Configuration Manual preview
FortiGate 50R
Brand: Fortinet Pages: 240
Netgate XG-7100-1U Manual preview
XG-7100-1U
Brand: Netgate Pages: 83

Brands by name

Popular brands

Load more brands