Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
381382383384385386387388389390
372
Configuring Web filtering
Overview
In legacy network security solutions, network protection mainly targets external attacks. With the
popularity of network applications in every walk of life, however, the internal network also faces security
threats caused by internal user access to illegal networks. To protect the internal network against such
threats, the network devices must be able to filter illegal access requests from internal users.
Web filtering can help devices prevent internal users from accessing unauthorized websites and block
Java applets and ActiveX objects from webpages. Web filtering provides the following functions:
URL address filtering
IP address-supported URL address filtering
URL parameter filtering
Java blocking
ActiveX blocking
URL address filtering
URL address filtering helps prevent internal users from accessing prohibited websites or restrict them to
specific websites by checking URL addresses contained in Web requests.
Processing procedure
1. After receiving a Web request, the device resolves the URL address in the request.
2. The device matches the URL address against the configured filtering entries.
3. If a match is found and the filtering action of the matched entry is permit, the device forwards the
request.
4. If a match is found and the filtering action of the matched entry is deny, the device drops the Web
request and sends a TCP reset packet to both the client that sent the request and the server.
5. If no match is found, the device forwards or drops the request, depending on the default filtering
action configured for URL address filtering.
IP address-supported URL address filtering
Once the URL address filtering function is enabled, the system denies all Web requests that use IP
addresses by default. By enabling support for IP address in URL address filtering, you can configure the
device to allow internal users to access specified or all websites based on the website IP addresses.
Processing procedure
After the device receives a Web request that uses an IP address, it processes the request as follows:
If URL address filtering supports IP addresses, the device forwards the request. The device permits all
Web requests that use the websites' IP addresses to pass.