Content filtering, Overview, Http packet content filtering – H3C Technologies H3C SecPath F1000-E User Manual
Page 671
1
Content Filtering
Overview
With content filtering configured, the device will filter contents carried in Hypertext Transfer Protocol
(HTTP) packets and Simple Mail Transfer Protocol (SMTP) packets according to the configuration, so as
to prevent internal users from accessing illegal websites or sending illegal emails and prevent packets
carrying illegal contents from entering the internal network.
Upon receiving HTTP or SMTP packets, the device first matches the packets against interzone policies. If
the action of the matched interzone policy is permit and the policy is configured with a content filtering
policy, the device will proceed matching the packets against the content filtering policy to prevent illegal
packets from passing through.
HTTP Packet Content Filtering
The HTTP packet content filtering, hereinafter referred to as HTTP filtering, includes these functions:
•
Uniform Resource Locator (URL) hostname filtering: Allows the device to check the hostname in the
required URL of an HTTP request, preventing internal users from accessing specified websites.
•
Header filtering: The Header field in an HTTP response usually contains the type of the current Web
page (such as text and figure), the content length, the basic server information (such as server type
and response time), and the HTTP version. Using header filtering, the device can prevent HTTP
responses with specified information carried in the header from passing through.
•
Body filtering: Allows the device to filter the body message carried in an HTTP packet from a server
to a client, that is, the content to be displayed by a browser. In this way, the device can prevent HTTP
packets with specified contents in the body from passing through, thus preventing illegal contents
from spreading over the internal network.
•
URL IP blocking: Allows the device to block all HTTP requests that carry an IP address in the URL, so
as to prevent internal users from using IP addresses in the URLs to access websites.
•
URL parameter filtering: Allows the device to protect websites against attacks that use URL
parameters. For example, URL parameter filtering can match an HTTP request against the keywords
of SQL statements and other characters that may constitute an SQL statement. If there is a match, the
device will consider the packet an SQL injection attack packet and drop it.
NOTE:
•
The device supports URL parameter filtering of Web requests with the Get, Post, or Put method.
•
At present, Web pages are usually dynamic and connected with databases, and support data query
and modification through Web requests. This makes it possible for attackers to fabricate special SQL
statements in Web requests to obtain confidential data from databases or break down databases by
modifying database information repeatedly. Such attacks are known as SQL injection attacks.