Configuring a layer 7 deny filter – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

418

n

Chapter 15: Content Intelligent Switching

212777-A, February 2002

Configuring a Layer 7 Deny Filter

1.

Before you can configure Layer 7 deny filter, ensure that the switch has already been con-
figured for basic switch functions:

n

Assign an IP address to each of the real servers in the server pool.

n

Define an IP interface on the switch.

For information on how to configure your network for the above tasks, see

Chapter 6, “Server

Load Balancing

.”

2.

Define the virus string patterns or offending HTTP URL request to be blocked.

3.

Apply and save the configuration.

4.

Identify the IDs of the defined strings.

Number of entries: four

5.

Select the filter and enable the filter action to deny.

6.

Enable URL parsing.

>> # /cfg/slb/layer7/slb/add ida

(Define the code red virus string)

>> Server Loadbalance resource# add %c1%9c

(Define the code blue virus string)

>> Server Loadbalance resource# add

%c0%af

(Define the code blue virus string)

>> Server Loadbalance resource# add playdog.com

(Define the offending URL

request)

>> Server Loadbalance resource# cur

ID

SLB String

1

ida

2

%c1%9c

3

%c0%af

4

playdog.com

>> # /cfg/slb/filt 1

(Select the filter)

>> Filter 1 # action deny

(Set the filter action to deny)

>> Filter 1 # adv

>> Filter 1 Advanced# urlp ena

(Enable URL parsing)