Denial of Service (DoS) Attack Protection – Enterasys Networks Security Router X-Pedition™ User Manual


XSR Firewall Feature Set Functionality

XSR User’s Guide 16-15

Figure 16-11 Blocked Web Site Screen

Caution: You must include the redirect URL in the white URL list when a redirect URL is used with
a white list; otherwise the XSR will enter an endless loop with the Web browser, repeatedly
redirecting it to the same redirect URL because that URL is not in the list.

URL-W tells the XSR to search for the requested URL in the URL white list, which restricts Web
surfing to URLs matching the URL list. If a user tries to surf to a Web site not on the URL list, the
user is presented with a blocked page similar to that shown above. If the XSR’s optional redirect
URL is configured (refer to the following section for details), the user’s Web client is instead
redirected to fetch the configured redirect URL page. If a white URL list is not loaded, no HTTP
access is permitted for traffic matched by the policy.

URL filtering on black and white lists, respectively, can be configured as part of your firewall
policy as follows:

XSR(config)#ip firewall policy Block_URL studentNet ANY_EXTERNAL HTTP URL-B allow
XSR(config)#ip firewall policy RestrictURL storeNet ANY_EXTERNAL HTTP URL-W allow

Configuring URL Redirection

You can configure a redirect URL with the

ip firewall redirectURL redirect_url_string

command. The redirect_url_string must uniquely identify the URL of the desired Web page to
display and may total up to 63 characters. For example:

XSR(config)#ip firewall redirectURL www.ACME_INC.com/index.html
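
The following check is an added example, not part of the XSR manual or Enterasys software: it models the URL-W and redirect behavior described above so a white list and redirect URL can be validated before the policy is applied. The matching rule (case-insensitive prefix match), the white-list entries and all function names are assumptions made for illustration.

```python
# Added example: models URL-W filtering plus redirect as described above.
MAX_REDIRECT_LEN = 63  # limit the manual gives for redirect_url_string

# Constructed sample white list; the redirect URL is the manual's own example.
WHITE_LIST = ["www.ACME_INC.com/catalog", "intranet.example.com"]
REDIRECT_URL = "www.ACME_INC.com/index.html"


def normalize(url):
    """Lower-case, drop the scheme and any trailing slash."""
    url = url.strip().lower()
    for scheme in ("http://", "https://"):
        if url.startswith(scheme):
            url = url[len(scheme):]
    return url.rstrip("/")


def allowed(url, white_list):
    """Assumption: a URL matches when it starts with a white-list entry."""
    target = normalize(url)
    return any(target.startswith(normalize(e)) for e in white_list if e.strip())


def outcome(url, white_list, redirect_url=None):
    """What the Web client experiences for one request under URL-W."""
    if allowed(url, white_list):
        return "allowed"
    if redirect_url is None:
        return "blocked-page"
    if allowed(redirect_url, white_list):
        return "redirected"
    return "redirect-loop"  # the redirect target is itself filtered


def check_config(white_list, redirect_url=None):
    """Return the problems to fix before applying the policy."""
    problems = []
    if not any(e.strip() for e in white_list):
        problems.append("white list is empty: no HTTP access will be permitted")
    if redirect_url is not None:
        if len(redirect_url) > MAX_REDIRECT_LEN:
            problems.append("redirect URL exceeds 63 characters")
        if not allowed(redirect_url, white_list):
            problems.append("redirect URL is not in the white list: redirect loop")
    return problems


if __name__ == "__main__":
    print(check_config(WHITE_LIST, REDIRECT_URL))
    print(check_config(WHITE_LIST + [REDIRECT_URL], REDIRECT_URL))
```

With the constructed list the check reports the redirect loop; adding the redirect URL to the white list clears it.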

Denial of Service (DoS) Attack Protection

The firewall provides security for internal hosts against a common set of DoS attacks when it is
enabled (globally and per interface). The firewall also uses the XSR’s HostDoS feature to perform
anti-spoofing: it enforces hostDoS check-spoof on any firewall-enabled interface regardless of the
hostDoS check-spoof setting. Check-spoofing is performed by validating the source IP address

Note: The ip firewall redirectURL command takes effect immediately.
