Filtering management

default action

The command sets an action for unauthorized users' traffic processing .

The use of a negative (no) form of the command deletes an action for unauthorized users' traffic processing.

Syntax

default action <ACTION> { redirect-url <REDIRECT-URL>}

no default action

Parameters

<ACTION> – an action for traffic that is not described in a profile. Possible values:

permit – permit HTTP requests;
deny – block HTTP requests;
redirect – redirect requests to a certain URL address.

<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.

Default value

Not specified.

Required privilege level

15

Command mode

CONFIG-PROXY-PROFILE

Example

esr(config-profile)# default action deny

CODE

description

This command specifies the description of a filtering profile.

The use of a negative form (no) of the command removes description.

Syntax

description <DESCRIPTION>

no description

Parameters

<DESCRIPTION> – interface description, set by a string of up to 255 characters.

Required privilege level

10

Command mode

CONFIG-PROXY-PROFILE

Example

esr(config-profile)# description "deny any"

CODE

filter

The command enables traffic filtering mode.

The use of a negative form (no) of the command disables traffic filtering mode.

Syntax

[no] filter <DATA-TYPE>

Parameters

<DATA-TYPE> – a type of data filtered. May take the following values:

activex
cookie
js

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG-PROXY-PROFILE

Example

esr(config-profile)# filter cookie

CODE

log enable

This command enables proxy profile logging.

The use of a negative form (no) of the command enables proxy profile logging.

Syntax

[no] log enable

Parameters

None.

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG-PROXY-PROFILE

Example

esr(config-proxy-profile)# log enable

CODE

ip http profile

The command creates an HTTP traffic filtering profile and enables profile configuration mode.

The use of a negative form of the command deletes an HTTP traffic filtering profile.

Syntax

[no] ip http profile <NAME>

Parameters

<NAME> – a name of an HTTP traffic filtering profile set by a string of [1..31] characters.

Required privilege level

10

Command mode

CONFIG

Example

esr(config)# ip http profile HTTP-BLOCKED

CODE

ip http proxy

The command assigns an HTTP traffic filtering profile to an interface or a tunnel.

The use of a negative form of the command deletes an HTTP traffic filtering profile.

Syntax

ip http proxy <NAME>

no ip http proxy

Parameters

<NAME> – profile name. Set by the string of up to 31 characters.

Required privilege level

10

Command mode

CONFIG-GI

CONFIG-TE

CONFIG-SUBIF

CONFIG-QINQ-IF

CONFIG-PORT-CHANNEL

CONFIG-BRIDGE

CONFIG-CELLULAR-MODEM

CONFIG-GRE

CONFIG-IP4IP4

CONFIG-VTI

CONFIG-LT

CONFIG-PPPOE

Example

esr(config-cellular-modem)# ip http proxy HTTP-BLOCKED

CODE

ip http proxy aaa das-profile

The command sets a profile for dynamic authorization servers (DAS) to which CoA requests on URL lists modification will be sent by PCRF.

The use of a negative (no) form of the command removes the DAS profile.

Syntax

ip http proxy aaa das-profile <NAME>

no ip http proxy aaa das-profile

Parameters

<NAME> – DAS profile name, set by the string of up to 31 characters.

Default value

Profile is not specified.

Required privilege level

15

Command mode

CONFIG

Example

esr(config)# ip http proxy aaa das-profile my_server

CODE

ip http proxy listen-ports

The command creates a list of TCP ports (in addition to 80 and 8080) for HTTP requests filtering.

The use of a negative (no) form of the command removes a list created before.

Syntax

[no] ip http proxy listen-ports <SERVICE_OBJ_GROUP_NAME>

Parameters

<SERVICE_OBJ_GROUP_NAME> – port profile (object-group service). Set by the string of up to 31 characters.

Default value

80, 8080

Required privilege level

10

Command mode

CONFIG

Example

esr(config)# ip http proxy listen-ports HTTP-ADD

CODE

ip http proxy redirect-port

This command defines the base HTTP Proxy server port on the router. The number of ports used corresponds to the number of processor cores.

The use of a negative form (no) of the command sets the default value.

Syntax

ip http proxy redirect-port <PORT>

no ip http proxy redirect-port

Parameters

<PORT> – port number, set in the range of [1..65535].

Default value

3128

Required privilege level

15

Command mode

CONFIG

Example

esr(config)# ip proxy http redirect-port 3001

CODE

ip http proxy server-url

The command specifies a URL address of a server from which a filtering list will be received.

The use of a negative form (no) of the command removes a specified server URL.

Syntax

[no] ip http proxy server-url <URL>

Parameters

<URL> – URL address of a resource from which a file containing a filtering list should be downloaded. Set by a string of [8..255] characters.

Required privilege level

10

Command mode

CONFIG

Example

esr(config)# ip http proxy server-url http://domain.example

CODE

ip https proxy

The command assigns an HTTP request filtering profile to an interface or a tunnel.

The use of a negative form (no) of the command sets the default value.

Syntax

ip https proxy <NAME>

no ip https proxy

Parameters

<NAME> – profile name. Set by the string of up to 31 characters.

Required privilege level

10

Command mode

CONFIG-GI

CONFIG-TE

CONFIG-SUBIF

CONFIG-QINQ-IF

CONFIG-PORT-CHANNEL

CONFIG-BRIDGE

CONFIG-CELLULAR-MODEM

CONFIG-GRE

CONFIG-IP4IP4

CONFIG-VTI

CONFIG-LT

CONFIG-PPPOE

Example

esr(config-cellular-modem)# ip https proxy HTTPS-BLOCKED

CODE

ip https proxy listen-ports

The command creates a list of TCP ports (in addition to 433) for HTTP requests filtering.

The use of a negative (no) form of the command removes a list created before.

Syntax

[no] ip https proxy listen-ports <SERVICE_OBJ_GROUP_NAME>

Parameters

<SERVICE_OBJ_GROUP_NAME> – port profile (object-group service). Set by the string of up to 31 characters.

Default value

433

Required privilege level

10

Command mode

CONFIG

Example

esr(config)# ip https proxy listen-ports HTTPS-ADD

CODE

ip https proxy redirect-port

This command defines the base HTTPS Proxy server port on the router. The number of ports used corresponds to the number of processor cores.

The use of a negative form (no) of the command sets the default value.

Syntax

ip https proxy redirect-port <PORT>

no ip https proxy redirect-port

Parameters

<PORT> – port number, set in the range of [1..65535].

Default value

3129

Required privilege level

15

Command mode

CONFIG

Example

esr(config)# ip proxy https redirect-port 3001

CODE

urls local

The command adds a local list of URL addresses and actions for this list to a filtering profile.

The use of a negative form (no) of the command sets the default value.

Syntax

urls local <URL_OBJ_GROUP_NAME> action { deny | permit | redirect redirect-url <REDIRECT-URL> }

no urls local

Parameters

<URL_OBJ_GROUP_NAME> – a list of URLs an action will be applied to;

permit – pass http requests to addresses described in the specified URL list;

deny – block http requests to addresses described in the specified URL list;

redirect – redirect requests to addresses described in the specified URL list to a specific url address.

<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.

Required privilege level

15

Command mode

CONFIG-PROFILE

Example

esr(config-profile)# urls local OGU_DENY action deny

CODE

urls remote

The command adds a link to a remote list containing URL addresses and actions applied to this list.

The use of a negative form (no) of the command sets the default value.

Syntax

urls remote <FILE-NAME> action { deny | permit | redirect redirect-url <REDIRECT-URL> }

no urls remote

Parameters

<FILE-NAME> – a name of a file that contains a URL list and is located on a server specified in ip http proxy server-url (see ip http proxy server-url). File name is set by a string of up to 31 characters.

permit – pass http requests to addresses described in the file with specified name;

deny – block http requests to addresses described in the file with specified name;

redirect – redirect requests to addresses described in the file with specified name to a specific url address.

<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.

Required privilege level

15

Command mode

CONFIG-PROFILE

Example

esr(config-profile)# urls remote http-deny action deny

CODE