R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

To do...: Display information about ActiveX blocking
Use the command...: display firewall http activex-blocking [ all | item keywords | verbose ]
Remarks: Available in any view

To do...: Clear web filtering statistics
Use the command...: reset firewall http { activex-blocking | java-blocking | url-filter host | url-filter parameter } counter
Remarks: Available in user view

Web filtering configuration examples
URL address filtering configuration example
1. Network requirements
The hosts in the network segment 192.168.1.0/24 access the Internet through the firewall. URL address
filtering is enabled on the firewall, which allows the hosts to access only www.webflt.com, using either
the URL address or the IP address.
Figure 43 Network diagram for URL address filtering configuration
2. Configuration procedure
# Configure IP addresses for the interfaces. (Omitted)
# Configure the NAT policy for the outbound interface.
<Firewall> system-view
[Firewall] acl number 2200
[Firewall-acl-basic-2200] rule 0 permit source 192.168.1.0 0.0.0.255
[Firewall-acl-basic-2200] rule 1 deny source any
[Firewall-acl-basic-2200] quit
[Firewall] nat address-group 1 2.2.2.10 2.2.2.11
[Firewall] interface gigabitethernet 0/0
[Firewall-GigabitEthernet0/0] nat outbound 2200 address-group 1
[Firewall-GigabitEthernet0/0] quit
# Enable the URL address filtering function.
[Firewall] firewall http url-filter host enable
# Allow users to access only www.webflt.com and set the default filtering action to deny.
[Firewall] firewall http url-filter host url-address permit www.webflt.com
[Firewall] firewall http url-filter host default deny
# Specify an ACL for URL address filtering.
[Firewall] acl number 2000
[Figure 43 labels: Host A 192.168.1.2/24; Host B 192.168.1.3/24; Host C 192.168.1.4/24; Firewall GE 0/1 192.168.1.1/24, GE 0/0 2.2.2.1/24; Internet; WEB server 3.3.3.3/24, www.webflt.com]
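
The NAT policy in the procedure above depends on how ACL 2200 matches source addresses with a wildcard mask. The following Python model is an added example, not part of the HP guide or the firewall's own code, and shows which sources those two rules permit. The function names are hypothetical, and evaluation in ascending rule ID order with first match winning is an assumption.

```python
import ipaddress

# ACL 2200 rules exactly as entered in the configuration procedure.
ACL_2200 = """\
rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 deny source any
"""

def parse_acl(text):
    """Parse basic-ACL rule lines into (rule_id, action, base, wildcard) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) not in (5, 6) or tok[0] != "rule" or tok[3] != "source":
            raise ValueError(f"unsupported rule: {line!r}")
        if tok[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action: {tok[2]!r}")
        if tok[4] == "any":
            base, wild = 0, 0xFFFFFFFF  # every bit is "don't care"
        elif len(tok) == 6:
            base = int(ipaddress.IPv4Address(tok[4]))
            wild = int(ipaddress.IPv4Address(tok[5]))
        else:
            raise ValueError(f"missing wildcard mask: {line!r}")
        rules.append((int(tok[1]), tok[2], base, wild))
    return sorted(rules)  # assumption: ascending rule ID order

def evaluate(rules, source):
    """Return (rule_id, action) of the first matching rule, or None."""
    src = int(ipaddress.IPv4Address(source))
    for rule_id, action, base, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
        if ((src ^ base) & care) == 0:
            return rule_id, action
    return None  # no rule matched; the caller decides what that means

RULES = parse_acl(ACL_2200)

if __name__ == "__main__":
    # Host addresses from Figure 43, plus one constructed address outside the segment.
    for label, addr in [("Host A", "192.168.1.2"), ("Host B", "192.168.1.3"),
                        ("Host C", "192.168.1.4"), ("outside", "192.168.2.2")]:
        print(label, addr, evaluate(RULES, addr))
```

Because a wildcard mask is compared bit by bit, it does not have to be contiguous the way a subnet mask is, so check the mask of any rule added to the ACL before relying on it.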