R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
LB module to allow internal users to access the specified or all websites by using the websites’ IP
addresses.
Processing procedure
After the LB module receives a web request that uses an IP address, it processes the request as follows:
• If URL address filtering supports IP addresses, the LB module forwards the request. The LB module
permits all web requests that use the websites’ IP addresses to pass.
• If URL address filtering does not support IP addresses, the LB module checks the ACL rules for URL
address filtering. If the ACL permits the IP address, the LB module forwards the request; otherwise,
the LB module drops the request.
URL Parameter Filtering
Overview
Many webpages are dynamic: they are connected to databases and support data query and
modification through web requests. This makes it possible to craft special SQL statements
in web requests to obtain confidential data from databases or to break down databases by
repeatedly modifying database information. This kind of attack is called an SQL injection attack.
To address this problem, the LB module compares the URL parameters in a web request against SQL
statement keywords and some other characters that may constitute SQL statements. If a match is found,
the LB module regards the request as an SQL injection attack and denies it. This protection mechanism
is called URL parameter filtering.
Web requests transmit parameters mainly by the "GET" and "POST" methods. The method used for
transmitting parameters determines the positions of the URL parameters. The LB module obtains the
parameters based on the parameter transmission method and then performs filtering. Currently, the LB
module supports URL parameter filtering of web requests with the GET, POST or PUT method.
Processing procedure
After receiving a web request containing URL parameters, the LB module obtains the parameters
according to the parameter transmission method and then processes the request accordingly:
• If the parameters are transmitted by a method other than GET, POST and PUT, the LB module
directly forwards the web request.
• If the parameters are transmitted by the GET, POST or PUT method, the LB module obtains the URL
parameters from the web request and compares them against the configured filtering entries.
If a match is found, the LB module denies the request; otherwise, the LB module forwards the
request.
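The processing procedure above, modeled as an added example (not HP's implementation or the LB module's code). The filtering entries, the form-encoded body for POST/PUT, and the function names are assumptions of this sketch; the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed filtering entries for illustration; not the LB module's built-in list.
FILTER_ENTRIES = [r"\bselect\b", r"\bunion\b", r"\bdrop\b", r"--", r"'"]
FILTERED_METHODS = {"GET", "POST", "PUT"}

def extract_params(method, url, body=""):
    """Return (name, value) pairs from the position the method implies."""
    # Assumption: GET carries parameters in the query string,
    # POST/PUT carry them in a form-encoded body.
    raw = urlsplit(url).query if method == "GET" else body
    # parse_qsl percent-decodes, so entries are compared with decoded values
    # (id=1%20UNION... is matched as "1 UNION ...").
    return parse_qsl(raw, keep_blank_values=True)

def filter_request(method, url, body="", entries=FILTER_ENTRIES):
    """Return ("forward", None) or ("deny", (param_name, matched_entry))."""
    method = method.upper()
    if method not in FILTERED_METHODS:
        # Per the procedure: other methods are forwarded without inspection.
        return "forward", None
    patterns = [re.compile(e, re.IGNORECASE) for e in entries]
    for name, value in extract_params(method, url, body):
        for pattern in patterns:
            if pattern.search(value):
                return "deny", (name, pattern.pattern)
    return "forward", None

# Constructed sample requests: (method, URL, body)
SAMPLES = [
    ("GET", "/item?id=42", ""),
    ("GET", "/item?id=1%20UNION%20SELECT%20password%20FROM%20users", ""),
    ("POST", "/login", "user=admin%27--"),
    ("DELETE", "/item?id=1%20UNION%20SELECT%20password%20FROM%20users", ""),
    # Word-boundary entries avoid matching "selection" ...
    ("GET", "/search?q=selection", ""),
    # ... but a bare quote entry also denies a legitimate surname.
    ("GET", "/search?name=O%27Brien", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, body, "->", filter_request(method, url, body))
```

The last two samples show why filtering entries need tuning: keyword matching denies benign values that contain a configured character, and a request using a method outside GET, POST and PUT is forwarded unchecked.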
Java Blocking
Overview
Java blocking can protect networks from being attacked by malicious Java applets.
After the Java blocking function is enabled, all requests for Java applets in webpages are filtered. If
Java applets in some webpages are expected, you can configure ACL rules to permit requests for the Java
applets of these webpages.