Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
111112113114115116117118119120
112
Ste
p
Command
Remarks
4. Apply a content filtering
policy.
Apply an HTTP filtering policy:
http-policy policy-name
Apply an SMTP filtering policy:
smtp-policy policy-name
Apply a POP3 filtering policy:
pop3-policy policy-name
Apply an FTP filtering policy:
ftp-policy policy-name
Apply a Telnet filtering policy:
telnet-policy policy-name
Configure at least one command.
By default, no content filtering policy
is applied in a policy template.
NOTE:
Content filtering policy templates created in system view belong to the default VD.
Content filtering policy templates created in VD view belong to the corresponding VD.
Displaying and maintaining content filtering
Task Command
Remarks
Displaying URL parameter
filtering information.
display content-filtering url-filter parameter [ all |
item keywords | verbose ] [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Displaying java blocking
information.
display content-filtering java-blocking [ all | item
keywords | verbose ] [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Displaying ActiveX blocking
information.
display content-filtering activex-blocking [ all |
item keywords | verbose ] [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Display content filtering
statistics.
display content-filtering statistics [ vd vd-name ] Available in any view.
Clear content filtering
statistics.
reset content-filtering statistics [ vd vd-name ] Available in user view.
Interzone content filtering configuration example
Network requirements
As shown in Figure 96, hosts on the subnet 192.168.1.0/24 can access the Internet through the Firewall.
Perform the following configuration:
Configure HTTP body filtering to block HTTP responses with keyword abc.
Enable HTTP java applet blocking to permit java applet requests only sent to the web server with IP
address 5.5.5.5.
Configure SMTP attachment name filtering to block emails with .exe attachment.
Configure FTP upload filename filtering to block uploaded files with name abc.
Configure Telnet command word filtering to block commands with keyword reboot.