Chapter 23 Content Filtering

Table 111 Content Filter Command Input Values (continued)

LABEL

DESCRIPTION

forbid_hosts

The IP address or domain name of a forbidden web site.

 

Use a host name such as www.bad-site.com into this text field. Do not use the

 

complete URL of the site – that is, do not include “http://”. All subdomains are also

 

blocked. For example, entering “bad-site.com” also blocks “www.bad-site.com”,

 

“partner.bad-site.com”, “press.bad-site.com”, etc. Use up to 63 case-insensitive

 

characters (0-9a-z-).

 

You can enter a single IP address in dotted decimal notation like 192.168.2.5.

 

You can enter a subnet by entering an IP address in dotted decimal notation followed by

 

a slash and the bit number of the subnet mask of an IP address. The range is 0 to 32.

 

To find the bit number, convert the subnet mask to binary and add all of the 1’s

 

together. Take “255.255.255.0” for example. 255 converts to eight 1’s in binary. There

 

are three 255’s, so add three eights together and you get the bit number (24).

 

An example is 192.168.2.1/24

 

You can enter an IP address range by entering the start and end IP addresses

 

separated by a hyphen, for example 192.168.2.5-192.168.2.23.

 

 

keyword

A keyword or a numerical IP address to search URLs for and block access to if they

 

contain it. Use up to 63 case-insensitive characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%,)

 

in double quotes. For example enter “Bad_Site” to block access to any web page that

 

includes the exact phrase “Bad_Site”. This does not block access to web pages that only

 

include part of the phrase (such as “Bad” in this example).

 

 

message

The message to display when a web site is blocked. Use up to 255 characters (0-9a-zA-

 

Z;/?:@&=+$\.-_!~*'()%,) in quotes. For example, “Access to this web page is not

 

allowed. Please contact the network administrator.”

 

 

redirect_url

The URL of the web page to which you want to send users when their web access is

 

blocked by content filtering. The web page you specify here opens in a new frame

 

below the denied access message.

 

Use “http://” followed by up to 255 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%) in

 

quotes. For example, “http://192.168.1.17/blocked access”.

 

 

license

The license key (up to 15 characters) for the external web filtering service.

 

 

service_timeout

The value specifies the maximum querying time in seconds <1…60>

 

 

_timeout

The value specifies the maximum life time in hours <1..720>.

 

 

url

The URL of a web site in http://xxx.xxx.xxx format.

 

 

rating_server

The hostname or IP address of the rating server.

 

 

query_timeout

The value specifies the maximum querying time when testing the connection to an

 

external content filtering server or checking its rating for a URL. <1..60> seconds.

 

 

23.6 General Content Filter Commands

The following table lists the commands that you can use for general content filter configuration such as enabling content filtering, viewing and ordering your list of content filtering policies, creating a denial of access message or specifying a redirect URL and checking your external web filtering service registration status. Use the configure terminal command to enter the configuration

 

201

ZyWALL (ZLD) CLI Reference Guide