Configuring content filtering, Overview, Http packet content filtering – H3C Technologies H3C SecPath F1000-E User Manual
Configuring content filtering
The content filtering configuration is available only in the Web interface.
Overview
With content filtering configured, the firewall will filter contents carried in Hypertext Transfer Protocol
(HTTP) packets, Simple Mail Transfer Protocol (SMTP) packets, Post Office Protocol version 3 (POP3)
packets, File Transfer Protocol (FTP) packets, and Telnet packets according to the configuration, so as to
prevent internal users from accessing illegal websites or sending illegal emails and prevent packets
carrying illegal contents from entering the internal network.
Upon receiving HTTP, SMTP, POP3, FTP, or Telnet packets, the firewall first matches the packets against
interzone policies. If the action of the matched interzone policy is permit and the policy is configured with
a content filtering policy, the firewall then matches the packets against the content filtering
policy to prevent illegal packets from passing through.
HTTP packet content filtering
HTTP packet content filtering, hereafter referred to as HTTP filtering, includes these functions:
• Uniform Resource Locator (URL) hostname filtering—Checks the hostname in the required URL of an
  HTTP request, preventing internal users from accessing specified websites.
• Header filtering—The Header field in an HTTP response usually contains the type of the current
  Web page (such as text and figure), the content length, the basic server information (such as server
  type and response time), and the HTTP version. Using header filtering, the firewall can prevent HTTP
  responses with specified information carried in the header from passing through.
• Body filtering—Filters the body message carried in an HTTP packet from a server to a client, that is,
  the content to be displayed by a browser. In this way, the firewall can prevent HTTP packets with
  specified contents in the body from passing through, thus preventing illegal contents from spreading
  over the internal network.
• URL IP blocking—Blocks all HTTP requests that carry an IP address in the URL, so as to prevent
  internal users from using IP addresses in the URLs to access websites.
• URL parameter filtering—Protects websites against attacks that use URL parameters. For example,
  URL parameter filtering can match an HTTP request against the keywords of SQL statements and
  other characters that may constitute an SQL statement. If there is a match, the firewall will consider
  the packet an SQL injection attack packet and drop it.
NOTE:
• The firewall supports URL parameter filtering of Web requests with the Get, Post, or Put method.
• Web pages are usually dynamic and connected with databases, and support data query and
  modification through Web requests. This makes it possible for attackers to fabricate special SQL
  statements in Web requests to obtain confidential data from databases or break down databases by
  modifying database information repeatedly. Such attacks are known as SQL injection attacks.
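The following is a simplified model of the three request-side checks described above (URL hostname filtering, URL IP blocking, and URL parameter filtering), added here as an example; it is not H3C's implementation. The blocked host list, the keyword pattern, the order of the checks, and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample policy; not the firewall's built-in lists.
BLOCKED_HOSTS = {"blocked.example"}
SQL_PATTERN = re.compile(
    r"(\b(select|union|insert|update|delete|drop)\b|--|;|')", re.IGNORECASE
)
PARAM_METHODS = {"GET", "POST", "PUT"}  # methods named in the NOTE


def host_is_ip(host):
    """True when the URL host is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def filter_request(method, url):
    """Return (action, reason) for one HTTP request line."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # brackets of IPv6 literals are stripped
    if host in BLOCKED_HOSTS:
        return ("drop", "url-hostname")
    if host_is_ip(host):
        return ("drop", "url-ip")
    if method.upper() in PARAM_METHODS:
        # parse_qsl percent-decodes, so %27 is inspected as a quote character
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SQL_PATTERN.search(value):
                return ("drop", "url-parameter:" + name)
    return ("permit", "no-match")
```

A plain keyword match also drops benign requests such as a search for `select a plan`, so a keyword list of this kind needs tuning against real traffic before it is enforced.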