HP VPN Firewall Appliances Attack Protection Configuration Guide
Configuring content filtering
Overview
Content filtering enables the device to filter contents carried in HTTP packets, SMTP packets, POP3
packets, FTP packets, and Telnet packets, to prevent internal users from accessing illegal websites or
sending junk emails and prevent packets carrying illegal contents from entering the internal network.
Upon receiving HTTP, SMTP, POP3, FTP, or Telnet packets, the device first matches the packets against
interzone policies. If the action of the matching interzone policy rule is permit and the policy rule is
configured with a content filtering policy, the device proceeds to match the packets against the content
filtering policy to filter out illegal packets. For more information about interzone policies, see Access
Control Configuration Guide.
HTTP packet content filtering
HTTP packet content filtering, hereafter referred to as HTTP filtering, provides the following functions:
• Uniform Resource Locator (URL) hostname filtering—Checks the hostname in the requested URL of an
HTTP request to block internal users from accessing specific websites.
• Header filtering—The Header field in an HTTP response typically contains the type of the current
web page (such as text and figure), the content length, the basic server information (such as server
type and response time), and the HTTP version. Using header filtering, the device can block HTTP
responses with specified information carried in the header.
• Body filtering—Filters the message body in an HTTP packet from a server to a client, which is the
content to be displayed by the browser. In this way, the device can block HTTP packets with
specified body contents, to prevent illegal contents from spreading over the internal network.
• URL IP blocking—Blocks all HTTP requests that carry an IP address in the URL, to prevent internal
users from using IP addresses to access websites.
• URL parameter filtering—Protects websites against attacks that use URL parameters, for example
SQL injection. Web pages are typically dynamic and connected with a database, and HTTP allows
web requests to query or modify data in the database. This makes it possible for attackers to
fabricate special SQL statements in web requests to obtain confidential data from the database or
break down the database by modifying database information multiple times. Such attacks are
known as SQL injection attacks. URL parameter filtering matches each HTTP request against the
keywords of Structured Query Language (SQL) statements and other characters that might
constitute an SQL statement. If they match, the device considers the request an SQL injection
attack packet and drops it. The device supports URL parameter filtering of HTTP requests for the
GET, POST, or PUT operation.
• ActiveX blocking—Blocks ActiveX plugin requests to untrusted websites, protecting the network
from being attacked by malicious ActiveX plugins.
• Java applet blocking—Blocks Java applet requests to untrusted websites, protecting the network
from being attacked by malicious Java applets.
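The following Python sketch is an added example, not code from this guide or from the device. It models the URL IP blocking and URL parameter filtering checks described above; the keyword pattern, the function names, and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed pattern for illustration: a few SQL keywords plus characters that
# often appear in SQL statements. The device's own keyword list is not given.
SQL_PATTERN = re.compile(
    r"\b(select|union|insert|update|delete|drop|exec)\b|--|;|'|/\*",
    re.IGNORECASE,
)

def host_is_ip(host):
    """URL IP blocking: True when the URL host is an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_request(method, url, body=""):
    """Return (action, reason) for one HTTP request."""
    parts = urlsplit(url)
    if host_is_ip(parts.hostname or ""):
        return ("drop", "url-ip")
    # Parameters travel in the query string and, for POST/PUT, the form body.
    raw = parts.query
    if method.upper() in ("POST", "PUT") and body:
        raw = f"{raw}&{body}" if raw else body
    # parse_qsl percent-decodes, so %27 is matched as ' and + as a space.
    for name, value in parse_qsl(raw, keep_blank_values=True):
        if SQL_PATTERN.search(value):
            return ("drop", f"url-parameter:{name}")
    return ("permit", "")

# Constructed sample requests (example.com and 192.0.2.10 are documentation values).
SAMPLES = [
    ("GET", "http://www.example.com/item?id=42", ""),
    ("GET", "http://192.0.2.10/index.html", ""),
    ("GET", "http://www.example.com/item?id=1%27%20OR%20%271%27%3D%271", ""),
    ("POST", "http://www.example.com/login", "user=a&note=union+select+1"),
    ("GET", "http://www.example.com/search?q=O%27Brien", ""),  # benign, still dropped
]

def run_samples():
    return [check_request(m, u, b) for m, u, b in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample[1], "->", verdict)
```

The last sample is a legitimate search for a surname containing an apostrophe. Keyword and character matching of this kind drops it as well, so a filter like this needs tuning and does not replace parameterized queries on the web server.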