Web filtering configuration, Introduction to web filtering, Url parameter filtering – H3C Technologies H3C SecPath F1000-E User Manual
Web Filtering Configuration
This chapter includes these sections:
• Displaying and Maintaining Web Filtering
• Web Filtering Configuration Examples
Introduction to Web Filtering
In legacy network security solutions, protection is aimed mainly at external attacks. With the
popularity of network applications in every walk of life, however, more and more security threats are
emerging on internal networks. Network devices therefore need to meet the requirements for a secure
internal network and enhance its security.
The Web filtering function can prevent internal users from accessing unauthorized websites and block
Java applets and ActiveX objects from web pages. The Web filtering function covers:
URL Parameter Filtering
Overview
Currently, large numbers of webpages are dynamic and connected to databases, and support data
query and modification through Web requests. This makes it possible to craft special SQL statements
in Web requests to obtain confidential data from databases or to break databases by modifying
database information repeatedly. This kind of attack is called an SQL injection attack.
To address this problem, the device compares the URL parameters in an HTTP request against SQL
statement keywords and some other characters that may constitute SQL statements. If a match is found,
the device regards the request as an SQL injection attack and denies it. This protection mechanism is
called URL parameter filtering.
Web requests transmit parameters mainly by the GET and POST methods. The method used for
transmitting parameters determines the position of the URL parameters, and URL parameter filtering
uses that position to obtain the parameters before filtering them. Currently, the device supports URL
parameter filtering of Web requests with the GET, POST or PUT method.
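
The matching described above, as an added Python sketch that is not H3C's code and not taken from the manual. The keyword and character lists, the function names and the sample requests are assumptions constructed for illustration, and POST/PUT bodies are assumed to be form-encoded.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed lists for illustration; the page does not give the device's own list.
SQL_KEYWORDS = ("select", "insert", "update", "delete", "drop", "union", "exec")
SQL_CHARS = ("'", "--", ";", "/*")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

def extract_params(method, target, body=""):
    """Return decoded (name, value) pairs from where the method carries them."""
    method = method.upper()
    if method == "GET":
        raw = urlsplit(target).query          # parameters follow '?' in the URL
    elif method in ("POST", "PUT"):
        raw = body                            # assumed form-encoded message body
    else:
        return []                             # other methods are not filtered
    # parse_qsl percent-decodes, so %27 is compared as a quote character
    return parse_qsl(raw, keep_blank_values=True)

def check_request(method, target, body=""):
    """Return ('deny', param, token) on the first match, else ('permit', None, None)."""
    for name, value in extract_params(method, target, body):
        hit = KEYWORD_RE.search(value)
        if hit:
            return ("deny", name, hit.group(1).lower())
        for chars in SQL_CHARS:
            if chars in value:
                return ("deny", name, chars)
    return ("permit", None, None)

# Constructed sample requests: (method, request target, body)
SAMPLES = [
    ("GET", "/item.asp?id=7&cat=books", ""),
    ("GET", "/item.asp?id=7%20UNION%20SELECT%20name%20FROM%20users", ""),
    ("POST", "/login.asp", "user=alice&pass=x%27--"),
    ("PUT", "/profile.asp", "note=hello+world"),
    ("GET", "/search.asp?q=drop+shipping", ""),   # benign text, still denied
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(method, target, body, "->", check_request(method, target, body))
```

The last sample shows the cost of pure keyword matching: ordinary text containing a listed word is denied, so the list needs tuning against the site's legitimate parameters.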