R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

[Firewall-acl-basic-2000] rule 0 permit source 3.3.3.3 0.0.0.0
[Firewall-acl-basic-2000] rule 1 deny source any
[Firewall-acl-basic-2000] quit
# Deny access to websites by IP address, except for the IP addresses permitted by ACL 2000.
[Firewall] firewall http url-filter host ip-address deny
[Firewall] firewall http url-filter host acl 2000
# Display detailed information about URL address filtering.
[Firewall] display firewall http url-filter host verbose
URL-filter host is enabled.
Default method: deny.
The support for IP address: deny.
The configured ACL group is 2000.
No file has been loaded.
There are 1 packet(s) being filtered.
There are 1 packet(s) being passed.
# Display URL address filtering information about all filtering entries.
[Firewall] display firewall http url-filter host all
SN   Match-Times   Keywords
------------------------------------
1    1             www.webflt.com
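An added example, not part of the HP guide: a Python model of how a request to an IP-literal host resolves against ACL 2000 as configured above, including the wildcard-mask comparison. It assumes rules are evaluated in ascending rule ID with the first match deciding, and that with IP address support set to deny such a request passes only when the ACL permits the address; all function names are hypothetical.

```python
import ipaddress

# ACL 2000 as configured above: (rule id, action, source, wildcard); None means "any".
ACL_2000 = [
    (0, "permit", "3.3.3.3", "0.0.0.0"),
    (1, "deny", None, None),
]

def wildcard_match(addr, source, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the rule's source."""
    a = int(ipaddress.IPv4Address(addr))
    s = int(ipaddress.IPv4Address(source))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (s & care)

def acl_action(acl, addr):
    """Action of the lowest-numbered matching rule (assumed match order), else None."""
    for _rule_id, action, source, wildcard in sorted(acl, key=lambda r: r[0]):
        if source is None or wildcard_match(addr, source, wildcard):
            return action
    return None

def ip_host_verdict(host, ip_support="deny", acl=ACL_2000):
    """Verdict for an HTTP request whose host is an IP literal (assumed decision order)."""
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        return "not-ip"  # host names go to the keyword entries, which are not modelled here
    if ip_support == "permit":
        return "pass"
    return "pass" if acl_action(acl, host) == "permit" else "filter"

if __name__ == "__main__":
    # Constructed sample hosts: the one permitted address, a neighbour, and a host name.
    for host in ["3.3.3.3", "3.3.3.4", "www.webflt.com"]:
        print(host, "->", ip_host_verdict(host))
```

The wildcard 0.0.0.0 in rule 0 matches exactly one address, so any other IP-literal host falls through to rule 1 and is filtered.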
URL parameter filtering configuration example
1. Network requirements
Hosts in the network segment 192.168.1.0/24 access the Internet through the firewall. URL parameter
filtering is enabled on the firewall and uses the user-defined filtering entry group to filter
HTTP requests.
Figure 44 Network diagram for URL parameter filtering configuration
2. Configuration procedure
# Configure IP addresses for the interfaces. (Omitted)
# Configure the NAT policy for the outbound interface.
<Firewall> system-view
[Firewall] acl number 2200
[Firewall-acl-basic-2200] rule 0 permit source 192.168.1.0 0.0.0.255
[Firewall-acl-basic-2200] rule 1 deny source any
[Firewall-acl-basic-2200] quit