HP VPN Firewall Appliances Attack Protection Configuration Guide
107
Configuring an HTTP filtering policy
You can specify multiple filtering entries for filtering HTTP packets in an HTTP filtering policy. Packets that
match any filtering entry are dropped.
An HTTP filtering policy can contain different types of filtering entries and each type can contain multiple
filtering entries.
To configure an HTTP filtering policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter VD view.
switchto vd vd-name
This command is required for entering the
system view of a non-default VD.
3. Create an HTTP
filtering policy and
enter its view.
content-filtering http-policy
policy-name
By default, no HTTP filtering policy exists.
4. Specify a URL
hostname filtering
entry for URL filtering.
url-filtering url-hostname-entry
url-hostname-entry-name
Optional.
By default, no URL hostname filtering entry
is specified for URL filtering.
5. Specify a keyword
filtering entry for
header filtering.
head-filtering keyword-entry
keyword-entry-name
Optional.
By default, no keyword filtering entry is
specified for header filtering.
6. Specify a keyword
filtering entry for
body filtering.
body-filtering keyword-entry
keyword-entry-name
Optional.
By default, no keyword filtering entry is
specified for body filtering.
7. Enable URL IP
address blocking.
url-ip-blocking enable
Optional.
By default, URL IP address blocking is
disabled.
8. Enable URL
parameter blocking.
url-parameter-filtering enable
Optional.
By default, URL parameter blocking is
disabled.
9. Enable ActiveX
blocking.
activex-blocking enable
Optional.
By default, ActiveX blocking is disabled.
10. Enable java applet
blocking.
java-applet-blocking enable
Optional.
By default, java applet blocking is
disabled.
11. Enable HTTP filtering
logging.
logging enable
Optional.
By default, HTTP filtering logging is
disabled.
HTTP filtering logging takes effect only
when interzone policy rule logging is
enabled.
NOTE:
• HTTP filtering policies created in system view belong to the default VD.
• HTTP filtering policies created in VD view belong to the corresponding VD.