Layer 7 Deny Filter – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 15: Content Intelligent Switching

212777-A, February 2002

When a client request is received with www.a.com in the Host Header and .jpg in the URL, the request will be load balanced between Server 1 and Server 2.

To accomplish this configuration, you must assign multiple strings (a Host Header string and a
URL string) for each real server.

Layer 7 Deny Filter

Web OS allows you to secure your switch from virus attacks by configuring the switch with a
list of potentially offending string patterns (HTTP URL request). The switch examines the HTTP
content of each incoming client request for a matching string pattern. If a matching virus
pattern is found, the packet is dropped and a reset frame is sent to the offending client.
SYSLOG messages and SNMP traps are generated to warn operators of a possible attack.

Figure 15-9 shows an incoming client request with a virus string. The Web switch is configured
for Layer 7 deny filter, so it blocks the incoming packet with the virus string and prevents
it from entering the network.

Figure 15-9 Configuring Layer 7 Deny Filter

[Figure: Clients reach the Web switch over the Internet; the real servers sit behind the switch. Step 1: Client sends a URL request with a virus string (any virus string, for example www.playdog.com). Step 2: Switch filter processes the string and denies entry to the network (STOP).]
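The deny decision described above can be modelled in a few lines. This is an added example, not Web OS code or configuration: the function names, the syslog message format, the percent-decoding step and the fail-closed handling of malformed requests are assumptions of the example, and the deny list uses the string from Figure 15-9 plus one constructed pattern.

```python
from urllib.parse import unquote

# Deny strings: www.playdog.com is the sample string in Figure 15-9;
# "blocked-pattern" is constructed for this example.
DENY_STRINGS = ["www.playdog.com", "blocked-pattern"]


def request_url(raw_request: bytes) -> str:
    """Return the URL from the HTTP request line, or raise ValueError."""
    line = raw_request.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    return parts[1]


def evaluate(raw_request: bytes, client_ip: str) -> dict:
    """Model the deny decision: drop + reset + log on a match, else forward."""
    try:
        url = request_url(raw_request)
    except ValueError:
        # Assumption: this model denies what it cannot parse (fail closed).
        return {"action": "deny", "reset": True,
                "syslog": f"L7 deny: malformed request from {client_ip}"}
    # Assumption: compare case-insensitively on the percent-decoded URL so an
    # encoded spelling of a listed string is still matched.
    candidates = {url.lower(), unquote(url).lower()}
    for pattern in DENY_STRINGS:
        if any(pattern.lower() in c for c in candidates):
            # Hypothetical log text; the manual does not give the message format.
            return {"action": "deny", "reset": True,
                    "syslog": f"L7 deny: '{pattern}' in request from {client_ip}"}
    return {"action": "forward", "reset": False, "syslog": None}


# Constructed sample requests (documentation-range client addresses).
SAMPLES = [
    (b"GET /images/logo.jpg HTTP/1.1\r\nHost: www.a.com\r\n\r\n", "192.0.2.10"),
    (b"GET /redir?to=www.playdog.com HTTP/1.1\r\nHost: www.a.com\r\n\r\n", "192.0.2.11"),
    (b"GET /x/Blocked%2Dpattern HTTP/1.0\r\n\r\n", "192.0.2.12"),
]

if __name__ == "__main__":
    for raw, ip in SAMPLES:
        print(ip, evaluate(raw, ip))
```
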