R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
62
Invalid blocking suffix
Symptom
When you configure a Java blocking suffix keyword or ActiveX blocking suffix keyword, the system
prompts you that there are invalid suffix keywords.
Analysis
A blocking suffix requires a dot “.” as part of it. If no dot or multiple dots are configured, the configuration
fails.
Solution
Configure a suffix keyword according to the description in the analysis.
ACL configuration failed
Symptom
An ACL rule uses the IP address of a host in the internal network as the source address and permits
requests from the host. The ACL is referenced for URL address filtering, Java blocking or ActiveX blocking,
but it does not work.
Analysis
For URL address filtering, Java blocking and ActiveX blocking, ACLs permit access to servers in external
networks rather than hosts in the internal network. This is because the internal network is assumed to be
trusted.
Solution
Specify the IP address of the server in the external network as the source IP address in the ACL rule.
Unable to access website by IP address
Symptom
After the URL address filtering function is enabled, HTTP requests to the device are denied.
Analysis
By default, the URL address filtering function disables access by IP address. When configuring the device
through web, you specify the IP address of the device and therefore is denied.
Solution
Configure an ACL to permit HTTP requests to the device by IP address.