Manualshelf

R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
181182183184185186187188189190
179
Web filtering configuration
NOTE:
The LB module supports web filtering configuration only in the command line interface.
Introduction to web filtering
In legacy network security solutions, network protection is mainly against external attacks. With the
popularity of network applications in every walk of life, however, the internal network also faces security
threats caused by internal users’ access to illegal networks. To protect the internal network against such
threats, the network devices must be able to filter illegal access requests from internal users. This is where
the web filtering feature comes in.
The web filtering feature can help devices prevent internal users from accessing unauthorized websites
and block Java applets and ActiveX objects from web pages. It provides these functions:
URL address filtering
IP address-supported URL address filtering
URL Parameter Filtering
Java Blocking
ActiveX Blocking
URL address filtering
Overview
URL address filtering can help prevent internal users from accessing prohibited websites or restrict them
to specific websites by checking the URL addresses contained in the web requests.
Processing procedure
1. After receiving a web request, the LB module resolves the URL address in the request.
2. The module matches the URL address against the configured filtering entries.
3. If a match is found and the filtering action of the matched entry is permit, the module forwards the
request.
4. If a match is found and the filtering action of the matched entry is deny, the module drops the web
request and sends a TCP reset packet to both the client that sent the request and the server.
5. If no match is found, the module forwards or drops the request, depending on the default filtering
action configured for URL address filtering.
IP address-supported URL address filtering
Overview
After the URL address filtering function is enabled, the system denies all web requests that use IP
addresses by default. By enabling support for IP address in URL address filtering, you can configure the