22 | Release Note |
Firewall HTTP Proxies and Firewall Policies
To add or delete a Firewall HTTP proxy, use the new HTTP option for the
PROXY parameter in the commands:
ADD FIREWALL
DELETE FIREWALL
INTERFACE=interface GBLINTERFACE=interface DIRECTION={IN
OUTBOTH} [IP=ipadd]
The PROXY parameter specifies the application proxy that will be added to the security policy. Available application proxies are described in Table 4.
Table 4: Application Proxies.
Proxy | Functions |
|
|
HTTP | Filtering of requested URLs. |
|
|
| Blocking/filtering of cookies. |
|
|
SMTP | Provides filtering of spam email from known spam sources. |
|
|
| Blocking of third party relay attacks. |
|
|
| Blocking of email smurf amp attacks. |
|
|
HTTP Filters
To add to or delete from the HTTP filter for a firewall policy, use the commands:
ADD FIREWALL POLICY=name HTTPFILTER=filename [DIRECTION={IN
OUT}]
DELETE FIREWALL POLICY=name HTTPFILTER=filename [DIRECTION={INOUT}]
where:
■name is a character string, 1 to 15 characters in length. Valid characters are letters
■filename is the name of a file on the router.
These commands add or delete the contents of a HTTP filter file from the HTTP filter of the specified firewall policy. The HTTP filter file contains a list of URLs, keywords and cookie settings that are used to filter the traffic traversing the HTTP proxy.
The POLICY parameter specifies the policy to which the HTTP filter file will be added. It must already exist.
The HTTPFILTER parameter specifies the name of the HTTP filter file. The filter file is a file type with a .txt extension containing zero or more single line entries. The string keywords: must be placed at the beginning of the file and is used to start the keyword section. Keywords can be placed on the same line if they are separated by a space, or placed on separate lines. The URL section is indicated by a URLS: keyword as the first word on the line. URL entries must contain full domain, directory, and folder names. Only one domain is allowed
Software Release 2.3.1
