R3303-HP HSR6800 Routers Security Configuration Guide

[Router-acl-basic-2000] quit
# Specify the IP addresses that users are allowed to use to access websites: deny access by IP address, and permit only the addresses matched by ACL 2000.
[Router] firewall http url-filter host ip-address deny
[Router] firewall http url-filter host acl 2000
After the configuration is complete, open a Web browser on a host in the LAN. You can access
http://www.webflt.com or http://3.3.3.3, but requests to any other website address are denied.
# Display detailed information about URL address filtering.
[Router] display firewall http url-filter host verbose
URL-filter host is enabled.
Default method: deny.
The support for IP address: deny.
The configured ACL group is 2000.
There are 1 packet(s) being filtered.
There are 1 packet(s) being passed.
# Display URL address filtering information about all filtering entries.
[Router] display firewall http url-filter host all
SN  Match-Times  Keywords
------------------------------------
1   1            www.webflt.com
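The verdicts described above can be checked offline against a model of the policy. The Python code below is an added example, not code from the guide or the device. It assumes that ACL 2000 holds a single permit rule for 3.3.3.3 (its rules are not shown in this section) and that the keyword entry is an exact host name match; all function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Settings read from the display output above.
DEFAULT_ACTION = "deny"          # "Default method: deny."
IP_ADDRESS_SUPPORT = "deny"      # "The support for IP address: deny."
KEYWORDS = ["www.webflt.com"]    # filtering entry SN 1

# ASSUMPTION: ACL 2000 holds one permit rule for 3.3.3.3 with wildcard 0;
# its rule lines are not part of this section.
ACL_2000 = [("permit", "3.3.3.3", "0.0.0.0")]


def wildcard_match(addr, base, wildcard):
    """ACL wildcard masks are inverted: a 0 bit must match, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def acl_verdict(addr, rules):
    """First matching rule wins; no match is treated as deny."""
    for action, base, wildcard in rules:
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"


def filter_url(url):
    """Return 'pass' or 'deny' for one HTTP request under the modelled policy."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.IPv4Address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    if is_ip:
        if IP_ADDRESS_SUPPORT == "permit":
            return "pass"
        return "pass" if acl_verdict(host, ACL_2000) == "permit" else "deny"
    if host in KEYWORDS:             # simplified: exact host name match
        return "pass"
    return "pass" if DEFAULT_ACTION == "permit" else "deny"


if __name__ == "__main__":
    for u in ("http://www.webflt.com", "http://3.3.3.3",
              "http://3.3.3.4", "http://www.example.com/index.html"):
        print(f"{u:40} {filter_url(u)}")
```

The same wildcard_match helper applies to rules such as "source 192.168.1.0 0.0.0.255", where the last octet is ignored.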
URL parameter filtering configuration example
Network requirements
The hosts in the network segment 192.168.1.0/24 access the Internet through the device. The device is
enabled with the URL parameter filtering function, which uses the user-defined filtering entry group to
filter Web requests.
Figure 123 Network diagram
[Figure labels: Host A 192.168.1.2/24; Host B 192.168.1.3/24; Host C 192.168.1.4/24; Router GE3/0/2 192.168.1.1/24; Router GE3/0/1 2.2.2.1/24; Internet; WEB server]
Configuration procedure
# Configure IP addresses for the interfaces. (Details not shown.)
# Configure the NAT policy for the outbound interface.
<Router> system-view
[Router] acl number 2200
[Router-acl-basic-2200] rule 0 permit source 192.168.1.0 0.0.0.255