3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
Configuring Web Filtering 135
By default, the firewall denies Web access requests with IP addresses as
destination URLs.
Filtering IP addresses through ACL
This is to filter Web access requests with IP addresses as destination URLs through
ACL.
Perform the following configurations in system view.
By default, no ACL rule is configured.
Upon receiving a Web request with the destination URL as its IP address, the
firewall first matches the request against the ACL defined with the firewall
url-filter host acl-number command. If the match result is permit, the firewall
permits the request to pass; if the match result is deny, the firewall denies the
request. If the firewall finds no matching entry in the ACL or the firewall
url-filter host acl-number command is not used, it determines whether to
permit the request to pass based on how the firewall url-filter host ip-address {
permit | deny } command is configured.
This command can only support one ACL rule. Any newly configured rule will
overwrite the original rule.
Displaying and debugging Web address filtering
Use the commands listed in Table 126 to view information about Web address
filtering and enable debugging Web address filtering.
Execute the display command in any view, and execute the debugging and
reset commands in user view.
Tab le 124 Configure IP address filtering
Operation Command
Configure IP address filtering. firewall url-filter host ip-address { permit | deny }
Tab le 125 Filter IP addresses through ACL
Operation Command
Filter IP addresses through ACL. firewall url-filter host acl-number number
Cancel the configured ACL rule. undo firewall url-filter host acl-number
Tab le 126 Display and debug Web address filtering
Operation Command
Display information about Web address
filtering
display firewall url-filter host { enable | all
| item { url-address | all } }
Enable debugging Web address filtering
debugging firewall url-filter host { all |
error | event | filter | packet }
Disable debugging Web address filtering
undo debugging firewall url-filter host {
all | error | event | filter | packet }
Clear statistics on Web address filtering reset firewall url-filter host counter