HP VPN Firewall Appliances Attack Protection Configuration Guide

• Upload filename filtering—Filters filenames carried in FTP upload requests, to prevent clients from
  uploading files with the specified names to the server.
• Download filename filtering—Filters filenames carried in FTP download requests, to prevent clients
  from downloading files with the specified names from the server.
Telnet packet content filtering
Telnet packet content filtering, hereafter referred to as Telnet filtering, filters command words in Telnet
requests. Telnet filtering prevents Telnet users from executing specific commands, such as format and
reboot, which greatly affect the normal operation of the device.
Telnet command filtering supports the following characters:
• Visible characters—ASCII codes 0x20 to 0x7e.
• Special characters—ASCII codes 0x0, 0x8, 0x0d, 0x0d00, and 0x0d0a.
• Others—Cursor Left (0x1b5b44) and Cursor Right (0x1b5b43).
Configuration guidelines
• Wildcard usage in URL hostname filtering keywords:
  ○ The caret (^) matches the beginning of the string. It can be used only once in a keyword and
    must be at the beginning.
  ○ The dollar sign ($) matches the end of the string. It can be used only once in a keyword and must
    be at the end.
  ○ The ampersand (&) matches a single character other than dot (.) and space. It can be used
    multiple times in a keyword, consecutively or non-consecutively. It can appear at any position in
    a keyword, but cannot be used next to an asterisk (*).
  ○ The asterisk (*) matches any number of characters excluding dot (.). It can be used only once in
    a keyword and must be at the beginning or in the middle. It cannot be used at the end or next
    to a caret (^) or dollar sign ($).
  ○ A keyword with a caret (^) at the beginning or a dollar sign ($) at the end indicates an exact match.
    For example, keyword ^webfilter matches website addresses starting with webfilter (such as
    webfilter.com.cn) or containing webfilter at the beginning of a string after a dot (such as
    cmm.webfilter-any.com). Keyword ^webfilter$ matches website addresses containing the
    standalone word webfilter, like www.webfilter.com; it does not match website addresses like
    www.webfilter-china.com.
  ○ A keyword with no wildcard used at the beginning and end indicates a fuzzy match, and
    matches website addresses containing the keyword.
  ○ A filtering keyword with only numerals is invalid. To filter a website address like www.123.com,
    you can define a keyword like ^123$, www.123.com, or 123.com, instead of 123. HP
    recommends using exact match to filter such website addresses.
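Added example (not HP code and not part of the original guide): a Python sketch that checks a hostname keyword against the syntax rules above and translates it into a regular expression, so a rule can be tried against sample hostnames before it is deployed. Treating ^ and $ as anchors on dot-separated labels is an interpretation of the guide's webfilter examples, and the function names are hypothetical; the appliance's own matching engine may differ.

```python
import re

def validate_keyword(kw):
    """Return the rule violations for a hostname keyword (empty list = well-formed)."""
    if not kw:
        return ["empty keyword (assumed invalid; the guide does not say)"]
    errors = []
    if re.fullmatch(r"[0-9]+", kw):
        errors.append("numerals-only keyword is invalid")
    if "^" in kw[1:]:
        errors.append("^ is allowed once, at the beginning only")
    if "$" in kw[:-1]:
        errors.append("$ is allowed once, at the end only")
    if kw.count("*") > 1:
        errors.append("* is allowed only once")
    if kw.endswith("*"):
        errors.append("* cannot be at the end")
    if re.search(r"\^\*|\*\$", kw):
        errors.append("* cannot be next to ^ or $")
    if re.search(r"&\*|\*&", kw):
        errors.append("& cannot be next to *")
    return errors

def keyword_to_regex(kw):
    """Translate a valid keyword into a compiled regex (interpretation, see lead-in)."""
    errors = validate_keyword(kw)
    if errors:
        raise ValueError("; ".join(errors))
    start, end = kw.startswith("^"), kw.endswith("$")
    body = kw[(1 if start else 0):(len(kw) - 1 if end else len(kw))]
    # & = one character other than dot and space; * = any run of non-dot characters
    tokens = {"&": "[^. ]", "*": "[^.]*"}
    pattern = "".join(tokens.get(ch, re.escape(ch)) for ch in body)
    if start:   # must begin at the start of the address or right after a dot
        pattern = r"(?<![^.])" + pattern
    if end:     # must end at the end of the address or right before a dot
        pattern += r"(?![^.])"
    return re.compile(pattern)

def matches(kw, host):
    """True if the keyword would match the hostname under this interpretation."""
    return keyword_to_regex(kw).search(host) is not None

if __name__ == "__main__":
    # Hostnames taken from the guide's own examples
    for kw, host in [("^webfilter", "cmm.webfilter-any.com"),
                     ("^webfilter$", "www.webfilter.com"),
                     ("^webfilter$", "www.webfilter-china.com")]:
        print(kw, host, matches(kw, host))
```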
• Wildcard usage in URL parameter filtering keywords:
  ○ The caret (^) matches the beginning of the string. It can be used only once in a keyword and
    must be at the beginning.
  ○ The dollar sign ($) matches the end of the string. It can be used only once in a keyword and must
    be at the end.