R3303-HP HSR6800 Routers Security Configuration Guide
382
Wildcard Meanin
g
Usa
g
e
g
uidelines
*
Stands for any number of valid
characters and spaces excluding a
dot (.)
It can be present once at the
beginning or in the middle of a
filtering entry. It cannot be at the
end and cannot be used next to a
caret (^) or a dollar sign ($).
Table 14 Wildcards for URL parameter filtering entries
Wildcard Meanin
g
Usa
g
e
g
uidelines
^
Matches parameters starting with
the keyword
Can be present once at the
beginning of a filtering entry.
$
Matches parameters ending with
the keyword
It can be present once at the end
of a filtering entry.
& Stands for one valid character
It can be present multiple times at
any position of a filtering entry,
consecutively or inconsecutively,
and cannot be used next to an
asterisk (*). If it is present at the
beginning or end of a filtering
entry, it must be next to a caret (^)
or a dollar sign ($).
*
Stands for a string of up to 4 valid
characters, including spaces
It can be present once in the
middle of a filtering entry.
Solution
Use the wildcards correctly according to the above principles.
Invalid blocking suffix
Symptom
When you configure a Java blocking suffix keyword or ActiveX blocking suffix keyword, the system
prompts you that there are invalid suffix keywords.
Analysis
A blocking suffix requires a dot (.) as part of it. If no dot or multiple dots are configured, the configuration
fails.
Solution
Configure a suffix keyword according to the description in the analysis.
ACL configuration failed
Symptom
An ACL rule uses the IP address of a host in the internal network as the source address and permits
requests from the host. The ACL is referenced for URL address filtering, Java blocking or ActiveX blocking,
but it does not work.