Filtering management
default action
The command sets an action for processing unauthorized users' traffic.
The use of a negative (no) form of the command deletes an action for unauthorized users' traffic processing.
Syntax
default action <ACTION> { redirect-url <REDIRECT-URL>}
no default action
Parameters
<ACTION> – an action for traffic that is not described in a profile. Possible values:
- permit – permit HTTP requests;
- deny – block HTTP requests;
- redirect – redirect requests to a certain URL address.
<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.
Default value
Not specified.
Required privilege level
15
Command mode
CONFIG-PROXY-PROFILE
Example
esr(config-profile)# default action deny
description
This command specifies the description of a filtering profile.
The use of a negative form (no) of the command removes description.
Syntax
description <DESCRIPTION>
no description
Parameters
<DESCRIPTION> – profile description, set by a string of up to 255 characters.
Required privilege level
10
Command mode
CONFIG-PROXY-PROFILE
Example
esr(config-profile)# description "deny any"
filter
The command enables traffic filtering mode.
The use of a negative form (no) of the command disables traffic filtering mode.
Syntax
[no] filter <DATA-TYPE>
Parameters
<DATA-TYPE> – a type of data filtered. May take the following values:
- activex
- cookie
- js
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG-PROXY-PROFILE
Example
esr(config-profile)# filter cookie
log enable
This command enables proxy profile logging.
The use of a negative form (no) of the command disables proxy profile logging.
Syntax
[no] log enable
Parameters
None.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG-PROXY-PROFILE
Example
esr(config-proxy-profile)# log enable
ip http profile
The command creates an HTTP traffic filtering profile and enables profile configuration mode.
The use of a negative form of the command deletes an HTTP traffic filtering profile.
Syntax
[no] ip http profile <NAME>
Parameters
<NAME> – a name of an HTTP traffic filtering profile set by a string of [1..31] characters.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# ip http profile HTTP-BLOCKED
ip http proxy
The command assigns an HTTP traffic filtering profile to an interface or a tunnel.
The use of a negative form of the command deletes an HTTP traffic filtering profile.
Syntax
ip http proxy <NAME>
no ip http proxy
Parameters
<NAME> – profile name. Set by the string of up to 31 characters.
Required privilege level
10
Command mode
CONFIG-GI
CONFIG-TE
CONFIG-SUBIF
CONFIG-QINQ-IF
CONFIG-PORT-CHANNEL
CONFIG-BRIDGE
CONFIG-CELLULAR-MODEM
CONFIG-GRE
CONFIG-IP4IP4
CONFIG-VTI
CONFIG-LT
CONFIG-PPPOE
Example
esr(config-cellular-modem)# ip http proxy HTTP-BLOCKED
ip http proxy aaa das-profile
The command sets the profile of dynamic authorization servers (DAS) to which the PCRF will send CoA requests for URL list modification.
The use of a negative (no) form of the command removes the DAS profile.
Syntax
ip http proxy aaa das-profile <NAME>
no ip http proxy aaa das-profile
Parameters
<NAME> – DAS profile name, set by the string of up to 31 characters.
Default value
Profile is not specified.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip http proxy aaa das-profile my_server
ip http proxy listen-ports
The command creates a list of TCP ports (in addition to 80 and 8080) on which HTTP requests are filtered.
The use of a negative (no) form of the command removes the previously created list.
Syntax
[no] ip http proxy listen-ports <SERVICE_OBJ_GROUP_NAME>
Parameters
<SERVICE_OBJ_GROUP_NAME> – port profile (object-group service). Set by the string of up to 31 characters.
Default value
80, 8080
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# ip http proxy listen-ports HTTP-ADD
ip http proxy redirect-port
This command defines the base HTTP Proxy server port on the router. The number of ports used corresponds to the number of processor cores.
The use of a negative form (no) of the command sets the default value.
Syntax
ip http proxy redirect-port <PORT>
no ip http proxy redirect-port
Parameters
<PORT> – port number, set in the range of [1..65535].
Default value
3128
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip http proxy redirect-port 3001
ip http proxy server-url
The command specifies a URL address of a server from which a filtering list will be received.
The use of a negative form (no) of the command removes a specified server URL.
Syntax
[no] ip http proxy server-url <URL>
Parameters
<URL> – URL address of a resource from which a file containing a filtering list should be downloaded. Set by a string of [8..255] characters.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# ip http proxy server-url http://domain.example
ip https proxy
The command assigns an HTTP request filtering profile to an interface or a tunnel.
The use of a negative form (no) of the command sets the default value.
Syntax
ip https proxy <NAME>
no ip https proxy
Parameters
<NAME> – profile name. Set by the string of up to 31 characters.
Required privilege level
10
Command mode
CONFIG-GI
CONFIG-TE
CONFIG-SUBIF
CONFIG-QINQ-IF
CONFIG-PORT-CHANNEL
CONFIG-BRIDGE
CONFIG-CELLULAR-MODEM
CONFIG-GRE
CONFIG-IP4IP4
CONFIG-VTI
CONFIG-LT
CONFIG-PPPOE
Example
esr(config-cellular-modem)# ip https proxy HTTPS-BLOCKED
ip https proxy listen-ports
The command creates a list of TCP ports (in addition to 433) on which HTTP requests are filtered.
The use of a negative (no) form of the command removes the previously created list.
Syntax
[no] ip https proxy listen-ports <SERVICE_OBJ_GROUP_NAME>
Parameters
<SERVICE_OBJ_GROUP_NAME> – port profile (object-group service). Set by the string of up to 31 characters.
Default value
433
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# ip https proxy listen-ports HTTPS-ADD
ip https proxy redirect-port
This command defines the base HTTPS Proxy server port on the router. The number of ports used corresponds to the number of processor cores.
The use of a negative form (no) of the command sets the default value.
Syntax
ip https proxy redirect-port <PORT>
no ip https proxy redirect-port
Parameters
<PORT> – port number, set in the range of [1..65535].
Default value
3129
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip https proxy redirect-port 3001
urls local
The command adds a local list of URL addresses and actions for this list to a filtering profile.
The use of a negative form (no) of the command sets the default value.
Syntax
urls local <URL_OBJ_GROUP_NAME> action { deny | permit | redirect redirect-url <REDIRECT-URL> }
no urls local
Parameters
<URL_OBJ_GROUP_NAME> – a list of URLs an action will be applied to;
permit – pass HTTP requests to addresses described in the specified URL list;
deny – block HTTP requests to addresses described in the specified URL list;
redirect – redirect requests to addresses described in the specified URL list to a specific URL address.
<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.
Required privilege level
15
Command mode
CONFIG-PROFILE
Example
esr(config-profile)# urls local OGU_DENY action deny
urls remote
The command adds a link to a remote list containing URL addresses and actions applied to this list.
The use of a negative form (no) of the command sets the default value.
Syntax
urls remote <FILE-NAME> action { deny | permit | redirect redirect-url <REDIRECT-URL> }
no urls remote
Parameters
<FILE-NAME> – a name of a file that contains a URL list and is located on a server specified in ip http proxy server-url (see ip http proxy server-url). File name is set by a string of up to 31 characters.
permit – pass HTTP requests to addresses described in the file with specified name;
deny – block HTTP requests to addresses described in the file with specified name;
redirect – redirect requests to addresses described in the file with specified name to a specific URL address.
<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.
Required privilege level
15
Command mode
CONFIG-PROFILE
Example
esr(config-profile)# urls remote http-deny action deny
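Added example (not part of the original reference and not vendor code): a Python audit of a saved configuration that checks the profile commands documented above. It flags profiles left with logging at its default (disabled), a redirect default action without redirect-url, profiles never assigned, and ip http proxy / ip https proxy assignments that name an undefined profile. The indented block layout closed by exit, the interface line and the profile name GUEST are assumptions of the constructed sample.

```python
import re

# Constructed sample in running-config style (assumed layout: profile and
# interface bodies closed by "exit"); not taken from a real device.
SAMPLE_CONFIG = """\
ip http profile HTTP-BLOCKED
  default action deny
  urls local OGU_DENY action deny
  log enable
exit
ip http profile GUEST
  default action redirect
exit
interface gigabitethernet 1/0/1
  ip http proxy HTTP-BLOCKED
  ip https proxy HTTPS-BLOCKED
exit
"""

def audit(config):
    """Return sorted (profile, issue) findings for HTTP(S) filtering profiles."""
    profiles, bound, findings, current = {}, [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ip http profile (\S+)", line)
        if m:                                   # enter profile configuration
            current = profiles.setdefault(m.group(1), [])
        elif line == "exit":
            current = None
        elif current is not None:               # command inside a profile
            current.append(line)
        elif (m := re.fullmatch(r"ip https? proxy (\S+)", line)):
            bound.append(m.group(1))            # profile assigned to an interface
    for name, body in profiles.items():
        if len(name) > 31:
            findings.append((name, "name longer than 31 characters"))
        action = next((l for l in body if l.startswith("default action ")), None)
        if action is None:                      # default value: not specified
            findings.append((name, "no default action set"))
        elif action.split()[2] == "redirect" and "redirect-url" not in action.split():
            findings.append((name, "redirect without redirect-url"))
        if "log enable" not in body:            # logging is disabled by default
            findings.append((name, "logging disabled"))
        if name not in bound:
            findings.append((name, "not assigned to any interface"))
    findings += [(n, "assigned but not defined") for n in bound if n not in profiles]
    return sorted(set(findings))
```

Calling audit(SAMPLE_CONFIG) reports three issues for GUEST and one for HTTPS-BLOCKED, while HTTP-BLOCKED passes cleanly.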