Allied Telesis AT-AR300 manual Firewall Http Proxies and Firewall Policies, Http Filters

Page 22


Release Note

Firewall HTTP Proxies and Firewall Policies

To add or delete a Firewall HTTP proxy, use the new HTTP option for the PROXY parameter in the commands:

ADD FIREWALL POLICY=policy-name PROXY={HTTP|SMTP} INTERFACE=interface GBLINTERFACE=interface DIRECTION={IN|OUT|BOTH} [IP=ipadd] [DAYS=day-list] [AFTER=hh:mm] [BEFORE=hh:mm]

DELETE FIREWALL POLICY=policy-name PROXY={HTTP|SMTP} INTERFACE=interface GBLINTERFACE=interface DIRECTION={IN|OUT|BOTH} [IP=ipadd]

The PROXY parameter specifies the application proxy that will be added to the security policy. Available application proxies are described in Table 4.

Table 4: Application Proxies.

Proxy   Functions
-----   ---------
HTTP    Filtering of requested URLs.
        Blocking/filtering of cookies.
SMTP    Provides filtering of spam email from known spam sources.
        Blocking of third party relay attacks.
        Blocking of email smurf amp attacks.

HTTP Filters

To add to or delete from the HTTP filter for a firewall policy, use the commands:

ADD FIREWALL POLICY=name HTTPFILTER=filename [DIRECTION={IN|OUT}]

DELETE FIREWALL POLICY=name HTTPFILTER=filename [DIRECTION={IN|OUT}]

where:

name is a character string, 1 to 15 characters in length. Valid characters are letters (a-z, A-Z), digits (0-9) and the underscore character (“_”).

filename is the name of a file on the router.

These commands add the contents of an HTTP filter file to, or delete them from, the HTTP filter of the specified firewall policy. The HTTP filter file contains a list of URLs, keywords and cookie settings that are used to filter the traffic traversing the HTTP proxy.

The POLICY parameter specifies the policy to which the HTTP filter file will be added. It must already exist.

The HTTPFILTER parameter specifies the name of the HTTP filter file. The filter file has a .txt extension and contains zero or more single-line entries. The string keywords: must be placed at the beginning of the file and starts the keyword section. Keywords can be placed on the same line if they are separated by a space, or placed on separate lines. The URL section is indicated by a URLS: keyword as the first word on the line. URL entries must contain full domain, directory, and folder names. Only one domain is allowed

Software Release 2.3.1 C613-10325-00 REV B
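The following is an added example, not part of the release note or of Allied Telesis software: a pre-load check in Python that validates a policy name and filter filename against the rules above and splits a filter file into its keyword and URL sections. The function names, the sample file and the policy name office_lan are constructed; case-insensitive section markers and skipping of blank lines are assumptions, and URL lines are kept verbatim because the cookie-setting syntax is not described on this page.

```python
import re

POLICY_RE = re.compile(r"[A-Za-z0-9_]{1,15}")  # name rule as stated above

def build_add_command(policy, filename, direction=None):
    """Return the ADD FIREWALL ... HTTPFILTER command, or raise ValueError."""
    if not POLICY_RE.fullmatch(policy):
        raise ValueError("policy name: 1-15 letters, digits or underscore")
    if not filename.lower().endswith(".txt"):
        raise ValueError("filter file must have a .txt extension")
    cmd = f"ADD FIREWALL POLICY={policy} HTTPFILTER={filename}"
    if direction is not None:
        if direction.upper() not in ("IN", "OUT"):
            raise ValueError("DIRECTION must be IN or OUT")
        cmd += f" DIRECTION={direction.upper()}"
    return cmd

def parse_filter(text):
    """Return (keywords, url_entries, errors) for the text of a filter file."""
    keywords, urls, errors = [], [], []
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            continue                       # blank lines skipped (assumption)
        head = tokens[0].lower()           # case-insensitive markers (assumption)
        if head == "keywords:":
            if section is not None:
                errors.append(f"line {lineno}: 'keywords:' must begin the file")
            section, tokens = "keywords", tokens[1:]
        elif head == "urls:":
            if section is None:
                errors.append(f"line {lineno}: 'URLS:' found before 'keywords:'")
            section, tokens = "urls", tokens[1:]
        if section is None:
            errors.append(f"line {lineno}: entry before 'keywords:'")
        elif section == "keywords":
            keywords.extend(tokens)        # space-separated or one per line
        elif tokens:
            urls.append(" ".join(tokens))  # kept verbatim, not interpreted
    return keywords, urls, errors

# Constructed sample filter file, for illustration only.
SAMPLE = """keywords:
casino lottery
warez
URLS:
www.example.com/banned/dir
www.example.org/ads/popups
"""
```

A file that produces any entry in the errors list should be corrected before it is copied to the router, since a misplaced section marker changes which entries are read as keywords and which as URLs.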
