Management and Configuration Guide (Includes ACM xl) 2005-12

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

111

112

113

114

115

116

117

118

119

120

4-56 ProCurve Secure Access 700wl Series Management and Configuration Guide

Configuring Rights

• To select a filter to include in this Access Policy, click the appropriate check box.

• To move a filter up or down in the filter list, click the up or down button to the left of the filter name.

Note:

HTTP Proxy filters are evaluated in the order that they appear in the HTTP Proxy filters list

of each Access Policy. When a packet matches an HTTP Proxy filter, it is immediately redirected to

the appropriate destination. Therefore, an incorrect ordering of HTTP Proxy filters could cause some

filters never to be evaluated. For example, if a more general filter is evaluated before a more specific

filter, packets could be redirected due to matching the general filter, and never be evaluated by the

more specific filter.

Reordering the filter list affects only the Access Policy that is currently being created. Each Access

Policy may use a different ordering of HTTP Proxy filters.

• To edit a filter, click the filter name or the pencil icon at the end of the row. This takes you directly

to the Edit Filters page.

Filter The filter type. The choices are:

• Allow IP Accept HTTP traffic destined for the specified IP address

• Allow FQDN Accept HTTP traffic destined for the specified fully-qualified domain

name (e.g. www.domain.com)

• Allow Host Accept HTTP traffic destined for the specified host name (e.g. www or

home)

• Allow Net Accept HTTP traffic destined for the specified network address (IP

address and subnet mask) (e.g. 192.168.0.0/16)

• Allow Reg Accept HTTP traffic with destination specified as a regular expression

that evaluates to an address or address range (for example

“(.*).domain.com”)

• Deny IP Redirect HTTP traffic destined for the specified IP address

• Deny FQDN Redirect HTTP traffic destined for the specified fully-qualified domain

name (e.g. www.domain.com)

• Deny Host Redirect HTTP traffic destined for the specified host name (e.g. www or

home)

• Deny Net Redirect HTTP traffic destined for the specified network address (IP

address and subnet mask) (e.g. 192.168.0.0/16)

• Deny Reg Redirect HTTP traffic with destination specified as a regular expression

that evaluates to an address or address range (for example

“(.*).domain.com”)

• Allow All Accept all other HTTP traffic. The destination is always specified as

“(.*)”. This is the alternate catch all rule

• Deny All Redirect all other HTTP traffic. The destination is always specified as

“(.*)”. This is the default catch all rule

An Accept rule forwards the traffic to the proxy server; a Deny rule drops the packet and

redirects the client to the Stop page.

Details The specification of the destination, as appropriate for the type of filter.

Table 4-22. HTTP Proxy Tab Field Definitions (Continued)

Field/Column Description