Manualshelf

R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
41424344454647484950
38
Web filtering configuration
Web filtering overview
In conventional network security solutions, network protection is mainly against external attacks. With the
popularity of network applications in every walk of life, however, more and more internal attacks appear.
This requires network devices to construct a secure internal network and enhance the security of the
internal network.
The web filtering function can prevent internal users from accessing unauthorized websites and block
Java applets and ActiveX objects from web pages. The web filtering function covers:
URL address filtering
URL parameter filtering
Java blocking
ActiveX blocking
Filtering rule file backup and loading
URL address filtering
Overview
URL address filtering can help prevent internal users from accessing prohibited websites or restrict them
to specific websites.
After receiving an HTTP request, the device checks the URL address in the request. If the address is
permitted, the device forwards the request; otherwise, the device denies the request and sends a TCP
reset packet to the request sender and the server.
After enabling URL address filtering, you can specify the default filtering action, that is, the action to be
taken for HTTP requests whose URL addresses do not match the configured filtering keywords. By default,
the default filtering action for URL address filtering is deny.
Processing procedure
1. After receiving an HTTP request, the device resolves the URL address in the request.
2. The device matches the URL address against the configured filtering keywords. If a match is found,
the device takes the preset filtering action to permit or deny the request. Otherwise, the device
takes the default filtering action.
IP address-supported URL address filtering
After the URL address filtering function is enabled, the system denies all web requests that use IP
addresses by default.
To enable users to access all websites using IP addresses, you can enable the support for IP
addresses in URL address filtering and allow the access using all IP addresses, so that the system
forwards all web requests that use IP addresses for website access.
To enable users to access specified websites using IP addresses, you can enable the support for IP
addresses in URL address filtering and configure ACL rules to permit the specified IP addresses of