- Enterasys Security Router User's Guide

ManualsBrandsEnterasys Networks ManualsNetwork RouterSecurity Router X-PeditionTM

391

392

393

394

395

396

397

398

399

400

XSR Firewall Feature Set Functionality

16-14 Configuring Security on the XSR

On Board URL Filtering

This features lets you block access to a list of Uniform Resource Locators (URLs) or limit access to

certain approved sites. The XSR extracts the absolute URL from the Get and Host headers of the

http Request packet sent by web browser, and matches that to a list of approved (white list), or

banned (black list) URLs.

Importing URL Lists from an ASCII File

The XSR supports the import of URL lists from a user-specified ASCII text file using the ip

firewall url-load-xxx name_of_url_xxx_list command where xxx stands for black-list

white-list. URL lists can be stored in either Flash or CFlash directories. Any of the following

commands are acceptable:

XSR(config)#ip firewall url-load-black-list blacklists.txt

XSR(config)#ip firewall url-load-black-list flash:blacklists.txt

XSR(config)#ip firewall url-load-white-list cflash:whitelists.txt

Writing URL List Entries

When the ip firewall url-load-xxx command is run, the XSR immediately reloads the URL

list database from the file. When you write URL entries for the file, observe the following:

• Entries are compared in a case-insensitive manner

• Up to 30 URL entries, each of which can be up to 63 characters long after leading and trailing

white spaces (SPACEs, TABs) are removed from the input line. If a URL string has more than

63 characters, the XSR truncates it to 63 characters.

• If the URL file contains more than 30 entries, only the first 30 entries are loaded.

A URL list generally contains keywords of the URL you want to match. It can be as specific as a

particular web page in a directory of an organization such as www.w3.org/pub/WWW/

theProject.htm, or as general as a domain name such as playboy.com, or simply a file name such as

readme.eml. The following are sample URLs:

• arcadegamesonline.com

• games.yahoo.com

• siterankings.com/cgi-bin/casinos

• mail.bigmailbox.com/users/casinoranking.com

• top-lasvegas.com/en

• java.omnisportsbookmembers.com/javacasino

• 216.91.118.35/ibet

• members.aol.com/winatcraps

• playboy.com

• readme.eml

Enabling URL Filtering in Firewall Policy

The XSR firewall policy command lets you specify URL checking using the keywords URL-W or

URL-B. URL-B instructs the XSR to compare the requested URL with a URL black list, so if a user

tries to access a URL matching any black list entry, access will be blocked and the user presented

with a blocked page similar to Figure 16-11 below. If the URL black list is not loaded, access is

allowed.