R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
Processing procedure
• If the Java blocking function is enabled but no ACL is configured for it, the LB module replaces
suffixes “.class” and “.jar” with “.block” in all web requests and then forwards the requests.
• If the Java blocking function is enabled and an ACL is configured for it, the LB module determines
whether to replace suffixes “.class” and “.jar” with “.block” in web requests according to the ACL
rules. If the destination server in a web request is a server permitted by the ACL, no replacement
occurs and the request is forwarded; otherwise, the suffix in the request is replaced with “.block”
and then the request is forwarded.
• In addition to the default suffixes “.class” and “.jar”, you can add Java blocking suffixes (that is, the
filename suffixes to be replaced in web requests) through command lines.
ActiveX Blocking
Overview
ActiveX blocking can protect networks from being attacked by malicious ActiveX plugins.
After the ActiveX blocking function is enabled, requests for ActiveX plugins on all webpages are
filtered. If the ActiveX plugins on some webpages are expected, you can configure ACL rules to permit
requests for the ActiveX plugins of those webpages.
Processing procedure
• If the ActiveX blocking function is enabled but no ACL is configured for it, the LB module replaces
suffix “.ocx” with “.block” in all web requests and then forwards the requests.
• If the ActiveX blocking function is enabled and an ACL is configured for it, the LB module determines
whether to replace suffix “.ocx” with “.block” in web requests according to the ACL rules. If the
destination server in a web request is a server permitted by the ACL, no replacement occurs and the
request is forwarded; otherwise, the suffix is replaced with “.block” and then the request is
forwarded.
• In addition to the default suffix “.ocx”, you can add ActiveX blocking suffixes (that is, the filename
suffixes to be replaced in web requests) through command lines.
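The processing procedures for Java blocking and ActiveX blocking above, modeled as an added Python example (not code from this guide or from the LB module). The ACL representation, first-match rule order, case-insensitive suffix matching on the URL path, and the sample addresses and hostnames are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, urlunsplit

# Default suffixes named in the guide; more can be added on the device.
JAVA_SUFFIXES = (".class", ".jar")
ACTIVEX_SUFFIXES = (".ocx",)


def acl_permits(server_ip, acl):
    """Assumed ACL model: first matching (action, network) rule wins;
    a destination that matches no rule is treated as not permitted."""
    addr = ip_address(server_ip)
    for action, network in acl:
        if addr in ip_network(network):
            return action == "permit"
    return False


def filter_request(url, server_ip, suffixes, acl=None):
    """Return the URL as it would be forwarded with a blocking function enabled.

    acl=None models "no ACL configured": every matching suffix is replaced.
    With an ACL, requests to permitted destination servers pass unchanged.
    """
    if acl is not None and acl_permits(server_ip, acl):
        return url
    parts = urlsplit(url)
    path = parts.path
    for suffix in suffixes:
        # Assumption: the suffix is matched at the end of the path, ignoring case.
        if path.lower().endswith(suffix):
            path = path[: len(path) - len(suffix)] + ".block"
            break
    return urlunsplit(parts._replace(path=path))


if __name__ == "__main__":
    # Constructed sample data: documentation-range addresses and hostnames.
    acl = [("permit", "192.0.2.0/24"), ("deny", "0.0.0.0/0")]
    samples = [
        ("http://intranet.example/app/Main.class", "192.0.2.10", JAVA_SUFFIXES),
        ("http://www.example.net/applet.jar?v=2", "203.0.113.5", JAVA_SUFFIXES),
        ("http://www.example.net/ctl/viewer.ocx", "203.0.113.5", ACTIVEX_SUFFIXES),
        ("http://www.example.net/index.html", "203.0.113.5", JAVA_SUFFIXES),
    ]
    for url, ip, suffixes in samples:
        print(f"{ip:<14} {url} -> {filter_request(url, ip, suffixes, acl)}")
```

Running the same sample requests with and without the ACL argument shows which destinations a planned ACL would exempt from suffix replacement.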
Configuring web filtering
IP address-supported URL filtering can take effect only after the URL address filtering is enabled. URL
parameter filtering, Java blocking, and ActiveX blocking can be enabled independently.
Configuring URL address filtering
Follow these steps to configure URL address filtering:
To do...                                     Use the command...                                        Remarks
Enter system view                            system-view                                               —
Enable the URL address filtering function    firewall http url-filter host enable                      Required. Disabled by default.
Specify the default filtering action         firewall http url-filter host default { deny | permit }   Optional. deny by default.