background image

 

16

 

standalone 

webfilter

 like 

www.webfilter.com

; it does not match website addresses like 

www.webfilter-china.com

 

A filtering entry with neither “^” at the beginning nor “$” at the end indicates a fuzzy match, and 
matches website addresses containing the keyword. 

 

If “*” is present at the beginning of a filtering entry, it must be present in the format like 

*.xxx

, where 

xxx represents a keyword, for example, 

*.com

 or 

*.webfilter.com

 

A filtering entry with only numerals is invalid. To filter a website address like 

www.123.com

, you can 

define a filtering entry like 

^123$

www.123.com

, or 

123.com

, instead of 

123

. In other words, use 

exact match to filter numeral website addresses. 

Description 

Use the 

firewall http url-filter host url-address 

command to add a URL address filtering entry and set the 

filtering action. 
Use the 

undo firewall http url-filter host url-address 

command to remove one or all URL address filtering 

entries. 
The firewall supports a maximum of 256 URL address filtering entries.  
You can change the filtering action for an existing filtering entry, for example, from deny to permit. 
Related commands: 

display firewall http url-filter host

Examples 

# Add filtering entry 

^china&

 to the URL address filtering entry list and set the filtering action to permit. 

<Sysname> system-view 

[Sysname] firewall http url-filter host url-address permit ^china& 

firewall http url-filter parameter 

Syntax 

firewall http url-filter parameter 

{

 default 

|

 keywords 

keywords 

undo firewall http url-filter parameter

 [ 

default 

|

 keywords 

keywords 

View 

System view 

Default level 

2: System level 

Parameters 

default

: Specifies to use the default parameter filtering entries, including: 

^select$

^insert$

^update$

^delete$

^drop$

--

,

 '

,

 ^exec$

, and 

%27

keywords 

keywords

:

 

Specifies to use a user-defined parameter filtering entry. The 

keywords

 argument is 

a case-insensitive string of 1 to 80 characters. Valid characters include numerals, English letters, 

wildcards (‘^’, ‘$’, ‘&’ and ‘*’), and other ASCII characters with values in the range 31 to 127.A filtering 
entry can be a string with spaces, but such an entry must be present in quotes, for example, “

select all”

One space in a filtering entry can match multiple consecutive spaces in a URL parameter of an HTTP 

request. For meanings of the wildcards, see 

Table 7

Содержание SecPath Series

Страница 1: ...High End Firewalls Attack Protection Command Reference Hangzhou H3C Technologies Co Ltd http www h3c com Software version SECPATH1000FE SECBLADEII CMW520 R3166 SECPATH5000FA CMW520 R3206 Document vers...

Страница 2: ...ware Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are th...

Страница 3: ...mand conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual value...

Страница 4: ...ot understood or followed can result in personal injury CAUTION An alert that calls attention to important information that if not understood or followed can result in data loss data corruption or dam...

Страница 5: ...s Configuration examples Describe typical network scenarios and provide configuration examples and instructions Operations and maintenance Software upgrade guide Describes the software upgrade procedu...

Страница 6: ...Technical support service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 7: ...l http activex blocking suffix 9 firewall http java blocking acl 9 firewall http java blocking enable 10 firewall http java blocking suffix 11 firewall http url filter host acl 11 firewall http url fi...

Страница 8: ...estricted by the number of static ARP entries that the firewall supports As a result the firewall may fail to change all dynamic ARP entries into static Suppose that the number of dynamic ARP entries...

Страница 9: ...primary IP address of the interface resides for neighbors The start IP address and end IP address must be on the same network as the primary IP address or manually configured secondary IP addresses o...

Страница 10: ...of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z verbose Specifies detailed information Description Use the display firewall http activex blocking comma...

Страница 11: ...keywords Specifies a blocking suffix keyword It is a string of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z verbose Specifies detailed information Des...

Страница 12: ...ring keywords item keywords Specifies a filtering keyword The keywords argument is a case insensitive string of 1 to 80 characters Valid characters include 0 to 9 a to z A to Z dot hyphen underline _...

Страница 13: ...eny No ACL group has been configured URL filter host has loaded file cfa0 urlfilter There are 10 packet s being filtered There are 0 packet s being passed Table 4 Output description Field Description...

Страница 14: ...cket including select had been matched for 10 times Display URL parameter filtering information about all keywords Sysname display firewall http url filter parameter all SN Match Times Keywords 1 0 se...

Страница 15: ...requests containing any suffix keywords in the ActiveX blocking suffix list will be processed according to the ACL You can specify multiple ACLs for ActiveX blocking but only the last one takes effec...

Страница 16: ...level Parameters keywords Blocking suffix keyword a case insensitive string of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z Description Use the firewal...

Страница 17: ...ocking based on the ACL takes effect only after you create and configure the ACL correctly Related commands display firewall http java blocking Examples Specify the ACL for Java blocking as ACL 2002 S...

Страница 18: ...va blocking suffix command to add a Java blocking suffix keyword to the Java blocking suffix list Use the undo firewall http java blocking suffix command to remove a Java blocking suffix keyword from...

Страница 19: ...host Examples Specify URL address filtering to permit Web requests with website IP addresses permitted by ACL 2000 Sysname system view Sysname acl number 2000 Sysname acl basic 2000 rule 0 permit sour...

Страница 20: ...ter host Examples Enable the URL address filtering function Sysname system view Sysname firewall http url filter host enable firewall http url filter host ip address Syntax firewall http url filter ho...

Страница 21: ...he file storing the filtering entries The name must contain the file path Description Use the firewall http url filter host load command to configure the firewall to load a specified URL address filte...

Страница 22: ...ldcard Meaning Usage guidelines Matches website addresses starting with the keyword It can be present once at the beginning of a filtering entry Matches website addresses ending with the keyword It ca...

Страница 23: ...on for an existing filtering entry for example from deny to permit Related commands display firewall http url filter host Examples Add filtering entry china to the URL address filtering entry list and...

Страница 24: ...he URL parameter filtering entry list Use the undo firewall http url filter parameter command to remove URL parameter filtering entries from the list If no parameters are specified the undo firewall h...

Страница 25: ...url filter parameter load View System view Default level 2 System level Parameters file name Name of the file storing the parameter filtering entries The name must contain the file path Description U...

Страница 26: ...er reset firewall http Syntax reset firewall http activex blocking java blocking url filter host url filter parameter counter View User view Default level 1 Monitor level Parameters activex blocking S...

Страница 27: ...9 firewall http java blocking enable 10 firewall http java blocking suffix 1 1 firewall http url filter host acl 1 1 firewall http url filter host default 12 firewall http url filter host enable 13 f...

Отзывы: