R3303-HP HSR6800 Routers Security Configuration Guide

[Router-acl-basic-2200] rule 1 deny source any
[Router-acl-basic-2200] quit
[Router] nat address-group 1 2.2.2.10 2.2.2.11
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] nat outbound 2200 address-group 1
[Router-GigabitEthernet3/0/1] quit
# Enable the URL parameter filtering function and add the keyword group as a URL parameter filtering entry.
[Router] firewall http url-filter parameter enable
[Router] firewall http url-filter parameter keywords group
Use the display firewall http url-filter parameter verbose command to display detailed URL parameter
filtering information.
[Router] display firewall http url-filter parameter verbose
URL-filter parameter is enabled.
There are 1 packet(s) being filtered.
There are 2 packet(s) being passed.
Use the display firewall http url-filter parameter all command to display URL parameter filtering
information about all filtering entries.
[Router] display firewall http url-filter parameter all
SN Match-Times Keywords
------------------------------------
1 1 group
Java blocking configuration example
Network requirements
The hosts in the network segment 192.168.1.0/24 access the Internet through the device. Enable Java
blocking on the device, add suffix keyword .js, and configure the device to allow only Java applet
requests to the website at 5.5.5.5.
Figure 124 Network diagram
Configuration procedure
# Configure IP addresses for the interfaces. (Details not shown.)
# Configure the NAT policy for the outbound interface.
<Router> system-view
[Router] acl number 2200
[Figure 124 labels: Host A 192.168.1.2/24; Host B 192.168.1.3/24; Host C 192.168.1.4/24; Router GE3/0/2 192.168.1.1/24; Router GE3/0/1 2.2.2.1/24; Internet; WEB server 5.5.5.5/24]