安全分冊(cè)05 web過濾命令

命令手冊(cè)安全分冊(cè)WEB 1disyfirewallhttpactivex- 1disyfirewallhttpjava- 2disyfirewallhttpurl-filter 4disyfirewallhttpurl-filter 6 8 9 9 firewallhttpurl-filterhost firewallhttpurl-filterhost firewallhttpurl-filterhost firewallhttpurl-filterhostip- firewallhttpurl-filterhost firewallhttpurl-filterhost firewallhttpurl-filterhosturl- firewallhttpurl-filter resetfirewall i第1WEB度為1～135個(gè)字符，不區(qū)分大小寫，不包括結(jié)束符；文件名的長度為1～91個(gè)字符，不區(qū)分大小寫，不包括結(jié)束符。disyfirewallhttpactivex-

disyfirewallhttpactivex-blocking[all| |verbose1： 后綴關(guān)鍵字，必須以“.”開頭，為1～9個(gè)字符的字符串（包括“.”在內(nèi)）。如果不指定任何關(guān)鍵字，則顯示ActiveX阻斷的簡要信息。<Sysname> yfirewallhttpactivex-ActiveXblockingis<Sysname>disyfirewallhttpactivex-blockingitemTheHTTPrequestpacketluding".ocx"hadbeenmatchedfor5<Sysname>disyfirewallhttpactivex-blockingall 表1-1disyfirewallhttpactivex-blockingall命令顯示信息描述<Sysname>disyfirewallhttpactivex-blockingverboseActiveXblockingisenabled.NoACLgrouphasbeenconfigured.Thereare5packet(s)beingfiltered.Thereare0packet(s)beingpassed.表1-2disyfirewallhttpactivex-blockingverbose命令顯示信息描述ActiveXblockingisNoACLgrouphasbeenThereare5packet(s)beingThereare0packet(s)being

disyfirewallhttpjava-blocking[all| |verbose 后綴關(guān)鍵字，必須以“.”開頭，為1～9個(gè)字符的字符串（包括“.”在內(nèi)）。如果不指定任何關(guān)鍵字，則顯示JavaApplet阻斷的簡要信息。<Sysname>disyfirewallhttpjava-blockingJavablockingisenabled.<Sysname>disyfirewallhttpjava-blockingitemTheHTTPrequestpacketluding".class"hadbeenmatchedfor10times.#顯示所有JavaApplet阻斷后綴關(guān)鍵字的信息。<Sysname>disyfirewallhttpjava-blocking12030<Sysname>disyfirewallhttpjava-blockingverboseJavablockingisenabled.NoACLgrouphasbeenconfigured.Thereare10packet(s)beingfiltered.Thereare0packet(s)beingpassed.表1-4disyfirewallhttpjava-blockingverbose命令顯示信息描述JavablockingisNoACLgrouphasbeenThereare10packet(s)beingThereare0packet(s)beingdisyfirewallhttpurl-filter

disyfirewallhttpurl-filterhost[all| |verbose <Sysname>disyfirewallhttpurl-filterhostURL-filterhostisenabled.Default#<Sysname>disyfirewallhttpurl-filterhostitem#<Sysname>disyfirewallhttpurl-filterhostall 表1-5disyfirewallhttpurl-filterhostall命令顯示信息描述<Sysname>disyfirewallhttpurl-filterhostverboseURL-filterhostisenabled.Defaultmethod:ThesupportforIPaddress:deny.NoACLgrouphasbeenURL-filterhosthasloadedfileThereare10packet(s)beingfiltered.Thereare0packet(s)beingpassed.表1-6disyfirewallhttpurl-filterhostverbose命令顯示信息描述ThesupportforIPNoACLgrouphasbeenThereare10packet(s)beingThereare0packet(s)beingdisyfirewallhttpurl-filter

disyfirewallhttpurl-filterparameter[all| |verbose “$”、“&”和“*”）以及其它ASCII字符（31<ASCII值<127）構(gòu)成。如果不指定任何關(guān)鍵字，則顯示URL參數(shù)過濾的簡要信息。<Sysname>disyfirewallhttpurl-filterparameterURL-filterparameterisenabled.<Sysname>disyfirewallhttpurl-filterparameteritemTheHTTPrequestpacketluding"^select$"hadbeenmatchedfor10times.#顯示所有URL過濾參數(shù)的信息。<Sysname>disyfirewallhttpurl-filterparamellSNMatch-Times10203040506070‘8090表1-7disyfirewallhttpurl-filterparamell命令顯示信息描述<Sysname>disyfirewallhttpurl-filterparameterverboseURL-filterparameterisenabled.URL-filterparameterhasloadedfileThereare10packet(s)beingfiltered.Thereare0packet(s)beingpassed.表1-8disyfirewallhttpurl-filterparameterverbose命令顯示信息描述URL-filterparameterhasloadedfileThereare10packet(s)beingThereare0packet(s)being

firewallhttpactivex-blockingaclacl-undofirewallhttpactivex-blocking字的WEB請(qǐng)求將按照ACL規(guī)則規(guī)定的方式進(jìn)行處理。暫時(shí)不生效，直到該ACL規(guī)則配置后才能生效。[Sysname]firewallhttpactivex-blockingacl

firewallhttpactivex-blockingundofirewallhttpactivex-blocking無firewallhttpactivex-blockingenableActiveX阻斷功能，并將缺省阻斷關(guān)鍵字“.ocx”添加到ActiveX阻斷關(guān)鍵字列表中。undofirewallhttpactivex-blockingenable命令用來關(guān)閉ActiveX阻斷功能。[Sysname]firewallhttpactivex-blocking

firewallhttpactivex-blockingundofirewallhttpactivex-blockingfirewallhttpactivex-blockingsuffix命令用來添加ActiveX阻斷后綴關(guān)鍵字。undofirewallhttpactivex-blockingsuffix命令用來將指定的ActiveX阻斷后綴關(guān)鍵字從ActiveX阻斷關(guān)鍵字列表中刪除。[Sysname]firewallhttpactivex-blockingsuffix

firewallhttpjava-blockingaclacl-undofirewallhttpjava-blocking鍵字的WEB請(qǐng)求將按照ACL規(guī)則規(guī)定的方式進(jìn)行處理。功能暫時(shí)不生效，直到該ACL規(guī)則配置后才能生效。[Sysname]firewallhttpjava-blockingacl

firewallhttpjava-blockingenableundofirewallhttpjava-blockingenable無httpjava-blockingenable命令用來關(guān)閉JavaApplet阻斷功能。[Sysname]firewallhttpjava-blockingfirewallhttpjava-blocking

firewallhttpjava-blockingsuffixundofirewallhttpjava-blockingsuffix：表示需要阻斷的后綴關(guān)鍵字，必須以“.1～9個(gè)字符的字符firewallhttpjava-blockingsuffixJavaApplet阻斷后綴關(guān)鍵字。undofirewallhttpjava-blockingsuffixJavaApplet阻斷后綴關(guān)鍵字從JavaApplet阻斷關(guān)鍵字列表中刪除。[Sysname]firewallhttpjava-blockingsuffixfirewallhttpurl-filterhost

firewallhttpurl-filterhostaclacl-undofirewallhttpurl-filterhostfirewallhttpurl-filterhostaclACL規(guī)則。undofirewallhttpurl-filterhostacl命令用來刪除設(shè)置的網(wǎng)頁地址過濾ACL規(guī)則。不生效，直到該ACL規(guī)則配置后才能生效。<Sysname>system-view[Sysname]aclnumber2000[Sysname-acl-basic-2000]rule0permitsource[Sysname-acl-basic-2000]quit[Sysname]firewallhttpurl-filterhostaclfirewallhttpurl-filterhost

firewallhttpurl-filterhostdefault{deny|permitfirewallhttpurl-filterhostdefault命令用來配置網(wǎng)頁地址過濾的缺省過濾行為，#[Sysname]firewallhttpurl-filterhostdefaultfirewallhttpurl-filterhost

firewallhttpurl-filterhostundofirewallhttpurl-filterhost無firewallhttpurl-filterhostenableURL網(wǎng)頁地址過濾功能。undofirewallhttpurl-filterhostenable命令用來關(guān)閉URL網(wǎng)頁地址過濾功能。[Sysname]firewallhttpurl-filterhostfirewallhttpurl-filterhostip-

firewallhttpurl-filterhostip-address{deny|permit缺省情況下，URL網(wǎng)頁地址過濾不支持IP地址，即以IP地址直接訪問的WEB請(qǐng)求通過。[Sysname]firewallhttpurl-filterhostip-addressfirewallhttpurl-filterhost

firewallhttpurl-filterhostloadfile-undofirewallhttpurl-filterhost啟動(dòng)時(shí)將網(wǎng)頁地址過濾條目從指定文件中重新裝載到設(shè)備上。undofirewallhttpurl-filterhostload命令用來指示設(shè)備重新啟動(dòng)時(shí)不再進(jìn)行過濾條目的裝載。#[Sysname]firewallhttpurl-filterhostloadfirewallhttpurl-filterhost

firewallhttpurl-filterhostsavefile-firewallhttpurl-filterhostsave命令用來將網(wǎng)頁地址過濾條目保存到指定的文件#[Sysname]firewallhttpurl-filterhostsavefirewallhttpurl-filterhosturl-

firewallhttpurl-filterhosturl-address{deny|permit}url-undofirewallhttpurl-filterhosturl-address[url-address表1-9^$&*表示以“webfilter”開頭的（如 .cn）或類似于 含獨(dú)立詞語“webfilter”的，比如 ，但是類似于.com的將不會(huì)被過濾 firewallhttpurl-filterhosturl-address命令用來添加網(wǎng)頁地址過濾條目，并設(shè)置過濾行為。undofirewallhttpurl-filterhosturl-address命令用來刪除網(wǎng)頁地址為deny，可以直接將其修改為permit。[Sysname]firewallhttpurl-filterhosturl-addresspermit^firewallhttpurl-filter

firewallhttpurl-filterparameter{default undofirewallhttpurl-filterparameter[default default 如"selectall"。一個(gè)空格可以匹配參數(shù)名中連續(xù)的多個(gè)空格。通配符具體含義如表表1-10^$&*URL過濾參數(shù)列表中。undofirewallhttpurl-filterparameter命令用來刪除URL過濾參數(shù)。firewallhttpurl-filter[Sysname]firewallhttpurl-filter firewallhttpurl-filterparameter

firewallhttpurl-filterparameterenableundofirewallhttpurl-filterparameterenable無firewallhttpurl-filterhosten