Allied Telesis AT-AR300 manual Http Cookies

Page 24

24

Release Note

Figure 6: Example of a HTTP filter file.

#The keywords section starts with the string “keywords:”. keywords:

#The keywords can match any part of the URL. URLs containing these entries will

#be denied unless specifically allowed by an entry later in the file.

sex plants toys

.nz

#Putting a * in front of the keyword indicates that the string must appear at

#the end of the URL, for the URL to be denied. The following entry would match www.anything.com/this/is/an/example, but not www.example.com

*example

#The * operator can be used to specify the type of file.

*.mp3 *.jpg

#The URLs section starts with the string “URLS:”, and specifies particular URLs

#to deny, allow or cookie filter.

URLS:

#If no explicit deny is put on the end then the URL is denied.

#Note the implicit /* on the end of the domain.

www.plant.com

www.nude.com

#Specific sections of websites can be matched. The sections must be complete

#folder/directory names, so the following entry would match

#www.hacker.com/dosAttack/dos.html but not www.hacker.com/dosAttacks/dos.html www.hacker.com/dosAttack

#The “nocookies” option denies cookie requests from the domain, and makes an

#implicit allow.

www.acompany.com: nocookies

#The “allow” option can be used to override general URL exclusions. www.nude.com/this/is/not/porn : allow

#The “allow” option can also be used to override general keyword exclusions. www.sexy.plants.com : allow

#The “allow” and “nocookies” options can be combined to allow a URL that is

#forbidden by the keywords, but deny cookie requests.

www.acompany.co.nz : allow nocookies

HTTP Cookies

By default, HTTP cookie requests are allowed to pass through the HTTP proxy configured under the firewall policy. To discard cookie sets from particular domains or URLs, put entries in the filter file for the direction in which you want to filter, as described above. To configure the HTTP proxy to discard all HTTP cookie sets from all responses, use the command:

DISABLE FIREWALL POLICY=name HTTPCOOKIES

where:

name is a character string, 1 to 15 characters in length. Valid characters are letters (a-z, A-Z), digits (0-9) and the underscore character (“_”).

The POLICY parameter specifies the name of the firewall policy for which cookie requests are to be disabled. The policy must already exist.

Software Release 2.3.1 C613-10325-00 REV B

Image 24
Contents Software Release Introduction Hardware PlatformsRapier i Series Hot Swapping Network Service Modules Hot swap an NSM out of an NSM bay Software Features Example output from the Show Interface command NSM Hot Swap Software SupportDomain Name Server Enhancements DNS CachingServer Selection Automatic Nameserver Configuration Telnet Server Port NumberTriggers for Ethernet Interfaces Enco Channels IP Security IPsec Source Interface Enhancements Ospf on Demand Isdn Paladin Firewall Enhancements Interface-based NATRule-based NAT New Command Syntax Time Limited RulesRelease Note Software Release Web Redirection with Reverse NAT Rules Required parameters for Firewall NAT rules ParametersFurther Examples Firewall and IPsec TunnelStandard NAT Paladin Firewall Http Application Gateway Proxy Show OutputFirewall Http Proxies and Firewall Policies Http FiltersADD Firewall POLICY=zone1 HTTPFILTER=banned.htp Http Cookies Firewall Policy Debugging Show Firewall PolicyVrrp Port Monitoring Http Proxy Filter FileWhere Stepvalue is a decimal number in the range 1 to Border Gateway Protocol 4 BGP-4 IP and Interface Counters Internet Protocol IPTo reset IP interfaces, use the command Example output from the Show IP COUNTER=INTERFACE command Example output from the Show IP COUNTER=SNMP command Telephony PBX Functionality Bandwidth Limiting Errata Telnet ServerInstallation Enable Telnet ServerRelease Note