Configuring content filtering, Overview, Http packet content filtering – H3C Technologies H3C SecPath F1000-E User Manual

Configuring content filtering

The content filtering configuration is available only in the Web interface.

Overview

With content filtering configured, the firewall filters the contents carried in Hypertext Transfer Protocol (HTTP) packets, Simple Mail Transfer Protocol (SMTP) packets, Post Office Protocol version 3 (POP3) packets, File Transfer Protocol (FTP) packets, and Telnet packets according to the configuration, so as to prevent internal users from accessing illegal websites or sending illegal emails and to prevent packets carrying illegal contents from entering the internal network.

Upon receiving HTTP, SMTP, POP3, FTP, or Telnet packets, the firewall first matches the packets against interzone policies. If the action of the matched interzone policy is permit and the policy is configured with a content filtering policy, the firewall then matches the packets against the content filtering policy to prevent illegal packets from passing through.

HTTP packet content filtering

HTTP packet content filtering, hereafter referred to as HTTP filtering, includes these functions:

Uniform Resource Locator (URL) hostname filtering—Checks the hostname in the requested URL of an HTTP request, preventing internal users from accessing specified websites.

Header filtering—The Header field in an HTTP response usually contains the type of the current Web page (such as text and figure), the content length, the basic server information (such as server type and response time), and the HTTP version. Using header filtering, the firewall can prevent HTTP responses with specified information carried in the header from passing through.

Body filtering—Filters the body message carried in an HTTP packet from a server to a client, that is, the content to be displayed by a browser. In this way, the firewall can prevent HTTP packets with specified contents in the body from passing through, thus preventing illegal contents from spreading over the internal network.

URL IP blocking—Blocks all HTTP requests that carry an IP address in the URL, so as to prevent internal users from using IP addresses in the URLs to access websites.

URL parameter filtering—Protects websites against attacks that use URL parameters. For example, URL parameter filtering can match an HTTP request against the keywords of SQL statements and other characters that may constitute an SQL statement. If there is a match, the firewall will consider the packet an SQL injection attack packet and drop it.

NOTE:

The firewall supports URL parameter filtering of Web requests with the Get, Post, or Put method.

Web pages are usually dynamic and connected with databases, and support data query and modification through Web requests. This makes it possible for attackers to fabricate special SQL statements in Web requests to obtain confidential data from databases or break down databases by modifying database information repeatedly. Such attacks are known as SQL injection attacks.
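The request-side checks described above (URL hostname filtering, URL IP blocking, URL parameter filtering), as an added Python example that is not H3C code or device configuration. The blocked hostname, the SQL keyword pattern, the order of the checks, and the treatment of Post/Put bodies as form-encoded parameters are assumptions, since the manual does not specify them.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed sample policy; the manual does not list the device's keywords.
BLOCKED_HOSTS = {"blocked.example"}
SQL_PATTERN = re.compile(
    r"\b(select|union|insert|update|delete|drop)\b|--|;|'", re.IGNORECASE)
CHECKED_METHODS = {"GET", "POST", "PUT"}  # methods named in the NOTE


def host_is_ip(host):
    """True when the URL host is an IPv4 or IPv6 literal, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def filter_request(method, url, body=""):
    """Return (action, reason) for one constructed HTTP request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # port and [] brackets removed
    if host in BLOCKED_HOSTS:
        return "drop", "URL hostname filtering"
    if host_is_ip(host):
        return "drop", "URL IP blocking"
    if method.upper() in CHECKED_METHODS:
        # parse_qsl percent-decodes, so %27 and + are seen as ' and space.
        params = parse_qsl(parts.query, keep_blank_values=True)
        if method.upper() in {"POST", "PUT"}:
            params += parse_qsl(body, keep_blank_values=True)
        for name, value in params:
            if SQL_PATTERN.search(value):
                return "drop", f"URL parameter filtering ({name})"
    return "permit", "no content filtering match"
```

In this example a benign value such as name=trade+union is also dropped, because plain keyword matching cannot tell an English word from an SQL keyword.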