Management and Configuration Guide (Includes ACM xl) 2005-12
4-82 ProCurve Secure Access 700wl Series Management and Configuration Guide
Configuring Rights
Step 4. In the Details field, enter a specification for the destination that will identify the traffic that
should be allowed or denied based on this rule. The description column of Table 4-34 specifies
the form of the destination specifications for each filter rule type.
Step 5. To specify that the 700wl Series system should verify the destination name or address via DNS
before forwarding it to the proxy server, check the Verify via DNS check box.
Note: The Verify via DNS option is a relatively costly processing operation. Therefore, it is
good practice to use it sparingly. You would typically use it with a Deny rule, especially a Deny
IP or Deny Net rule, to detect and prevent requests with spoofed DNS that could result in access
to restricted sites.
Step 6. Click Save to save this filter. If you have edited an existing filter, this replaces the original filter
with the modified filter definition.
To add the modified filter as a new HTTP Proxy filter, leaving the original filter unchanged, click
Save As Copy. The Save As Copy button is available only on the Edit Filter page. After a
Save As Copy, the same page remains displayed so you can make additional changes.
Click Cancel to return to the previous page without making any further changes.
Example—Modifying the Guest Access Policy
The following sections provide examples of how to modify access rights by editing the settings for an
Access Policy. The Guest Access Policy is used as the example because you will need to modify this
Access Policy (or create a copy and give it some additional rights) if you want to allow Guest users to
log onto your network and have network or Internet access. The first example shows how to modify the
Outside World Allowed Traffic filter to enable guest access to the Internet without allowing access to
internal locations. The second example shows how to use the automatic HTTP proxy feature.
By default, the predefined Guest Access Policy includes only the Allowed and Redirected Traffic filters
that enable a Guest to log onto the system. Once logged on, a guest has no access rights to any part of

Table 4-34. HTTP Proxy Filter Types

| Filter Rule Type | Description |
|---|---|
| Deny Host | Redirects HTTP traffic destined for a specified host name. For example, www or home |
| Deny Net | Redirects HTTP traffic destined for a specified network address (IP address and subnet mask). For example, 192.168.0.0/16 |
| Deny Reg | Redirects HTTP traffic to a destination specified as a regular expression that evaluates to an address or address range. For example “(.*).domain.com” |
| Allow All | Accepts all HTTP traffic. This is the alternate catch all rule. The destination is always specified as “(.*)”. |
| Deny All | Redirects all HTTP traffic. This is the default catch all rule. The destination is always specified as “(.*)”. |
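
An added illustration (not ProCurve code) of why the Note above pairs Verify via DNS with a Deny Net rule: a simplified Python model of the Table 4-34 rule types. The first-match ordering, whole-name regular-expression matching, the function names and the sample DNS data are assumptions made for the example.

```python
import ipaddress
import re

# Constructed name-to-address data standing in for DNS answers (not real hosts).
SAMPLE_DNS = {
    "www.example.org": "203.0.113.20",
    "files.example.org": "192.168.10.5",  # outside-looking name, internal address
}

def dest_address(host, verify_dns, dns):
    """Address a rule can compare: an IP literal, or a DNS answer if verifying."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        answer = dns.get(host) if verify_dns else None
        return ipaddress.ip_address(answer) if answer else None

def rule_matches(rule, host, dns):
    kind, detail, verify_dns = rule
    if kind in ("Allow All", "Deny All"):   # catch-all rules, destination "(.*)"
        return True
    if kind == "Deny Host":
        return host.lower() == detail.lower()
    if kind == "Deny Net":
        addr = dest_address(host, verify_dns, dns)
        return addr is not None and addr in ipaddress.ip_network(detail)
    if kind == "Deny Reg":                  # assumption: whole-name match
        return re.fullmatch(detail, host) is not None
    raise ValueError(f"unknown rule type: {kind}")

def evaluate(rules, host, dns=SAMPLE_DNS):
    """Assumption: rules are checked in order and the first match decides."""
    for rule in rules:
        if rule_matches(rule, host, dns):
            return "accept" if rule[0].startswith("Allow") else "redirect"
    return "redirect"  # nothing matched: behave like the default Deny All

def guest_rules(verify_dns):
    """Hypothetical guest filter list: block internal net, then allow the rest."""
    return [("Deny Net", "192.168.0.0/16", verify_dns),
            ("Deny Reg", "(.*).domain.com", False),
            ("Allow All", "(.*)", False)]

if __name__ == "__main__":
    for host in ("192.168.1.1", "files.example.org", "www.example.org"):
        print(host, evaluate(guest_rules(False), host), evaluate(guest_rules(True), host))
```

In this model the Deny Net rule without verification only catches literal addresses, so a name that resolves into 192.168.0.0/16 falls through to Allow All; with verification enabled the same request is redirected.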