H3C SecPath Series, Command Reference Manual

Page 1: ...High End Firewalls Attack Protection Command Reference Hangzhou H3C Technologies Co Ltd http www h3c com Software version SECPATH1000FE SECBLADEII CMW520 R3166 SECPATH5000FA CMW520 R3206 Document vers...

Page 2: ...ware Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are th...

Page 3: ...mand conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual value...

Page 4: ...ot understood or followed can result in personal injury CAUTION An alert that calls attention to important information that if not understood or followed can result in data loss data corruption or dam...

Page 5: ...s Configuration examples Describe typical network scenarios and provide configuration examples and instructions Operations and maintenance Software upgrade guide Describes the software upgrade procedu...

Page 6: ...Technical support service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Page 7: ...l http activex blocking suffix 9 firewall http java blocking acl 9 firewall http java blocking enable 10 firewall http java blocking suffix 11 firewall http url filter host acl 11 firewall http url fi...

Page 8: ...estricted by the number of static ARP entries that the firewall supports As a result the firewall may fail to change all dynamic ARP entries into static Suppose that the number of dynamic ARP entries...

Page 9: ...primary IP address of the interface resides for neighbors The start IP address and end IP address must be on the same network as the primary IP address or manually configured secondary IP addresses o...

Page 10: ...of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z verbose Specifies detailed information Description Use the display firewall http activex blocking comma...

Page 11: ...keywords Specifies a blocking suffix keyword It is a string of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z verbose Specifies detailed information Des...

Page 12: ...ring keywords item keywords Specifies a filtering keyword The keywords argument is a case insensitive string of 1 to 80 characters Valid characters include 0 to 9 a to z A to Z dot hyphen underline _...

Page 13: ...eny No ACL group has been configured URL filter host has loaded file cfa0 urlfilter There are 10 packet s being filtered There are 0 packet s being passed Table 4 Output description Field Description...

Page 14: ...cket including select had been matched for 10 times Display URL parameter filtering information about all keywords Sysname display firewall http url filter parameter all SN Match Times Keywords 1 0 se...

Page 15: ...requests containing any suffix keywords in the ActiveX blocking suffix list will be processed according to the ACL You can specify multiple ACLs for ActiveX blocking but only the last one takes effec...

Page 16: ...level Parameters keywords Blocking suffix keyword a case insensitive string of 1 to 9 characters It must start with a dot and consist of characters 0 to 9 a to z and A to Z Description Use the firewal...

Page 17: ...ocking based on the ACL takes effect only after you create and configure the ACL correctly Related commands display firewall http java blocking Examples Specify the ACL for Java blocking as ACL 2002 S...

Page 18: ...va blocking suffix command to add a Java blocking suffix keyword to the Java blocking suffix list Use the undo firewall http java blocking suffix command to remove a Java blocking suffix keyword from...

Page 19: ...host Examples Specify URL address filtering to permit Web requests with website IP addresses permitted by ACL 2000 Sysname system view Sysname acl number 2000 Sysname acl basic 2000 rule 0 permit sour...

Page 20: ...ter host Examples Enable the URL address filtering function Sysname system view Sysname firewall http url filter host enable firewall http url filter host ip address Syntax firewall http url filter ho...

Page 21: ...he file storing the filtering entries The name must contain the file path Description Use the firewall http url filter host load command to configure the firewall to load a specified URL address filte...

Page 22: ...ldcard Meaning Usage guidelines Matches website addresses starting with the keyword It can be present once at the beginning of a filtering entry Matches website addresses ending with the keyword It ca...

Page 23: ...on for an existing filtering entry for example from deny to permit Related commands display firewall http url filter host Examples Add filtering entry china to the URL address filtering entry list and...

Page 24: ...he URL parameter filtering entry list Use the undo firewall http url filter parameter command to remove URL parameter filtering entries from the list If no parameters are specified the undo firewall h...

Page 25: ...url filter parameter load View System view Default level 2 System level Parameters file name Name of the file storing the parameter filtering entries The name must contain the file path Description U...

Page 26: ...er reset firewall http Syntax reset firewall http activex blocking java blocking url filter host url filter parameter counter View User view Default level 1 Monitor level Parameters activex blocking S...

Page 27: ...9 firewall http java blocking enable 10 firewall http java blocking suffix 1 1 firewall http url filter host acl 1 1 firewall http url filter host default 12 firewall http url filter host enable 13 f...