R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG Router

Troubleshooting connection limiting ··························································································································· 467

Connection limit rules with overlapping segments ··························································································· 467

Connection limit rules with overlapping protocol types ·················································································· 467

Configuring Web filtering ······································································································································ 469

Overview ······································································································································································· 469

URL address filtering ··········································································································································· 469

IP address-supported URL address filtering ······································································································· 469

URL parameter filtering ······································································································································· 470

Java blocking ······················································································································································· 470

ActiveX blocking ·················································································································································· 471

Configuring URL address filtering ······················································································································ 471

Configuring IP address-supported URL address filtering ················································································· 471

Configuring URL parameter filtering ·················································································································· 472

Configuring Java blocking ································································································································· 472

Configuring ActiveX blocking ···························································································································· 473

Displaying and maintaining Web filtering ················································································································ 473

URL address filtering configuration example ············································································································· 474

URL parameter filtering configuration example ········································································································ 475

Java blocking configuration example ························································································································ 476

Troubleshooting Web filtering ···································································································································· 477

Failed to add filtering entry or suffix keyword due to upper limit ·································································· 477

Invalid characters are present in the configured parameter ··········································································· 478

Invalid use of wildcard ······································································································································· 478

Invalid blocking suffix ········································································································································· 479

ACL configuration failed ····································································································································· 479

Unable to access the HTTP server by IP address······························································································ 480

Configuring attack detection and protection ········································································································ 481

Types of network attacks the device can defend against ··············································································· 481

Blacklist function ·················································································································································· 483

Traffic statistics function ······································································································································ 483

TCP proxy ····························································································································································· 484

Attack detection and protection configuration task list ···························································································· 486

Configuring attack protection functions for an interface ························································································· 487

Creating an attack protection policy ················································································································· 487

Configuring an attack protection policy ··········································································································· 487

Applying an attack protection policy to an interface ······················································································ 490

Configuring TCP proxy ················································································································································ 491

Configuring the blacklist function ······························································································································· 491

Enabling traffic statistics on an interface ··················································································································· 492

Displaying and maintaining attack detection and protection ················································································· 492

Attack detection and protection configuration examples ························································································ 493

Attack protection functions on interfaces configuration example ··································································· 493

Blacklist configuration example ························································································································· 495

Traffic statistics configuration example ············································································································· 496

TCP proxy configuration example ····················································································································· 498

Configuring TCP attack protection ························································································································· 500

Enabling the SYN Cookie feature ······························································································································ 500

Enabling protection against Naptha attacks ············································································································· 501

Displaying and maintaining TCP attack protection ·································································································· 501