R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
[Firewall] nat address-group 1 2.2.2.10 2.2.2.11
[Firewall] interface gigabitethernet 0/0
[Firewall-GigabitEthernet0/0] nat outbound 2200 address-group 1
[Firewall-GigabitEthernet0/0] quit
# Enable the URL parameter filtering function and add the URL parameter filtering entry group.
[Firewall] firewall http url-filter parameter enable
[Firewall] firewall http url-filter parameter keywords group
Use the display firewall http url-filter parameter verbose command to display detailed URL parameter
filtering information.
[Firewall] display firewall http url-filter parameter verbose
URL-filter parameter is enabled.
No file has been loaded
There are 1 packet(s) being filtered.
There are 2 packet(s) being passed.
Use the display firewall http url-filter parameter all command to display URL parameter filtering
information about all filtering entries.
[Firewall] display firewall http url-filter parameter all
SN Match-Times Keywords
------------------------------------
1 1 group
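The two display outputs above can be checked by script after a configuration change. The following is an added example, not part of the original guide: it parses the output text shown above and reports whether filtering is enabled and whether each expected keyword is present. The function names are hypothetical, and the wording of a disabled state is an assumption (anything other than "enabled" is treated as not enabled).

```python
import re

# Sample input: the output of the two display commands as shown above.
VERBOSE = """\
URL-filter parameter is enabled.
No file has been loaded
There are 1 packet(s) being filtered.
There are 2 packet(s) being passed.
"""
ALL = """\
SN Match-Times Keywords
------------------------------------
1 1 group
"""

def parse_verbose(text):
    """Return the enabled flag and the filtered/passed packet counters."""
    # Assumption: any state word other than "enabled" means the filter is off.
    state = re.search(r"URL-filter parameter is (\w+)\.", text)
    counts = {k: int(n) for n, k in re.findall(r"There are (\d+) packet\(s\) being (filtered|passed)\.", text)}
    return {"enabled": bool(state) and state.group(1) == "enabled",
            "filtered": counts.get("filtered", 0),
            "passed": counts.get("passed", 0)}

def parse_entries(text):
    """Return [(sn, match_times, keyword)]; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+)\s+(\S.*?)\s*$", line)
        if m:
            rows.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return rows

def audit(verbose_text, all_text, expected_keywords):
    """List findings: filtering not enabled, or an expected keyword missing."""
    status, rows = parse_verbose(verbose_text), parse_entries(all_text)
    findings = []
    if not status["enabled"]:
        findings.append("URL parameter filtering is not enabled")
    present = {kw for _, _, kw in rows}
    for kw in expected_keywords:
        if kw not in present:
            findings.append(f"keyword missing: {kw}")
    return findings
```

The Match-Times column from parse_entries can be recorded over time to see which keywords are actually being hit.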
Java blocking configuration example
1. Network requirements
The hosts in the network segment 192.168.1.0/24 access the Internet through the firewall. Enable Java
blocking on the firewall, add the suffix keyword .js, and configure the firewall to allow only Java applet
requests to the website at 5.5.5.5.
Figure 45 Network diagram for Java blocking configuration
2. Configuration procedure
# Configure IP addresses for the interfaces. (Omitted)
# Configure the NAT policy for the outbound interface.
<Firewall> system-view
[Firewall] acl number 2200
[Firewall-acl-basic-2200] rule 0 permit source 192.168.1.0 0.0.0.255
[Firewall-acl-basic-2200] rule 1 deny source any
[Firewall-acl-basic-2200] quit