R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
50
Table 32 Java blocking keyword configuration items
Item Descri
p
tion
Keyword
Add an ActiveX blocking suffix keyword to the ActiveX blocking suffix list.
See Figure 39 for how to set a keyword.
IMPORTANT:
You cannot configure the default block suffix keyword .ocx.
Return to ActiveX blocking configuration task list.
Displaying ActiveX blocking information
Select Application Control > Web Filtering from the navigation tree, and then select the ActiveX Blocking
tab to enter the page shown in Figure 38. In the Keyw
ords Setup area, you can view the number times
that each ActiveX blocking keyword has been matched. To reset the statistics, click Reset Counter.
Return to ActiveX blocking configuration task list.
Web filtering configuration examples
Network requirements
As shown in Figure 40, hosts in network segment 192.168.1.0/24 access the Internet through the firewall.
• Enable URL parameter filtering on the firewall, and use the user-defined filtering keyword group to
filter HTTP requests.
• Enable Java blocking on the firewall, add suffix keyword .js, and configure the firewall to allow only
Java applet requests to the website at 5.5.5.5.
Figure 40 Network diagram for web filtering configuration
Configuration procedure
# Configure IP addresses for the interfaces. (Omitted)
# Configure the NAT policy for the outbound interface.
• Select Firewall > ACL from the navigation tree, and then click Add.
• Type 2200 in the ACL Number text box.
• Click Apply.
• Click the icon of ACL 2200, and then click Add.
Host A
192 .168.1.2/24
Host B
192 .168.1.3/24
Host C
192 .168.1.4/24
GE0/2
192 .168.1.1/24
Web server
5.5.5.5/24
Internet
Firewall
GE 0/1
2.2.2.1/24