24 | Release Note |
Figure 6: Example of a HTTP filter file.
#The keywords section starts with the string “keywords:”. keywords:
#The keywords can match any part of the URL. URLs containing these entries will
#be denied unless specifically allowed by an entry later in the file.
sex plants toys
.nz
#Putting a * in front of the keyword indicates that the string must appear at
#the end of the URL, for the URL to be denied. The following entry would match www.anything.com/this/is/an/example, but not www.example.com
*example
#The * operator can be used to specify the type of file.
*.mp3 *.jpg
#The URLs section starts with the string “URLS:”, and specifies particular URLs
#to deny, allow or cookie filter.
URLS:
#If no explicit deny is put on the end then the URL is denied.
#Note the implicit /* on the end of the domain.
www.plant.com
www.nude.com
#Specific sections of websites can be matched. The sections must be complete
#folder/directory names, so the following entry would match
#www.hacker.com/dosAttack/dos.html but not www.hacker.com/dosAttacks/dos.html www.hacker.com/dosAttack
#The “nocookies” option denies cookie requests from the domain, and makes an
#implicit allow.
www.acompany.com: nocookies
#The “allow” option can be used to override general URL exclusions. www.nude.com/this/is/not/porn : allow
#The “allow” option can also be used to override general keyword exclusions. www.sexy.plants.com : allow
#The “allow” and “nocookies” options can be combined to allow a URL that is
#forbidden by the keywords, but deny cookie requests.
www.acompany.co.nz : allow nocookies
HTTP Cookies
By default, HTTP cookie requests are allowed to pass through the HTTP proxy configured under the firewall policy. To discard cookie sets from particular domains or URLs, put entries in the filter file for the direction in which you want to filter, as described above. To configure the HTTP proxy to discard all HTTP cookie sets from all responses, use the command:
DISABLE FIREWALL POLICY=name HTTPCOOKIES
where:
■name is a character string, 1 to 15 characters in length. Valid characters are letters
The POLICY parameter specifies the name of the firewall policy for which cookie requests are to be disabled. The policy must already exist.
Software Release 2.3.1