default action

The command sets an action for unauthorized users' traffic processing .

The use of a negative (no) form of the command deletes an action for unauthorized users' traffic processing.

Syntax
default action <ACTION> { redirect-url <REDIRECT-URL>}
no default action
Parameters

<ACTION> – an action for traffic that is not described in a profile. Possible values:

  • permit – permit HTTP requests;
  • deny – block HTTP requests;
  • redirect – redirect requests to a certain URL address.

<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.

Default value

Not specified.

Required privilege level

15

Command mode

CONFIG-PROXY-PROFILE

Example
esr(config-profile)# default action deny
CODE

description

This command specifies the description of a filtering profile.

The use of a negative form (no) of the command removes description.

Syntax
description <DESCRIPTION>
no description
Parameters

<DESCRIPTION> – interface description, set by a string of up to 255 characters.

Required privilege level

10

Command mode

CONFIG-PROXY-PROFILE

Example
esr(config-profile)# description "deny any"
CODE

filter

The command enables traffic filtering mode.

The use of a negative form (no) of the command disables traffic filtering mode.

Syntax
[no] filter <DATA-TYPE>
Parameters

<DATA-TYPE> – a type of data filtered. May take the following values:

  • activex
  • cookie
  • js
Default value

Disabled.

Required privilege level

15

Command mode

CONFIG-PROXY-PROFILE

Example
esr(config-profile)# filter cookie
CODE

log enable

This command enables proxy profile logging.

The use of a negative form (no) of the command enables proxy profile logging.

Syntax
[no] log enable
Parameters

None.

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG-PROXY-PROFILE

Example
esr(config-proxy-profile)# log enable
CODE

ip http profile

The command creates an HTTP traffic filtering profile and enables profile configuration mode.

The use of a negative form of the command deletes an HTTP traffic filtering profile.

Syntax
[no] ip http profile <NAME>
Parameters

<NAME> – a name of an HTTP traffic filtering profile set by a string of [1..31] characters.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# ip http profile HTTP-BLOCKED
CODE

ip http proxy

The command assigns an HTTP traffic filtering profile to an interface or a tunnel.

The use of a negative form of the command deletes an HTTP traffic filtering profile.

Syntax
ip http proxy <NAME>
no ip http proxy
Parameters

<NAME> – profile name. Set by the string of up to 31 characters.

Required privilege level

10

Command mode

CONFIG-GI

CONFIG-TE

CONFIG-SUBIF

CONFIG-QINQ-IF

CONFIG-PORT-CHANNEL

CONFIG-BRIDGE

CONFIG-CELLULAR-MODEM

CONFIG-GRE

CONFIG-IP4IP4

CONFIG-VTI

CONFIG-LT

CONFIG-PPPOE

Example
esr(config-cellular-modem)# ip http proxy HTTP-BLOCKED
CODE

ip http proxy aaa das-profile

The command sets a profile for dynamic authorization servers (DAS) to which CoA requests on URL lists modification will be sent by PCRF.

The use of a negative (no) form of the command removes the DAS profile.

Syntax
ip http proxy aaa das-profile <NAME>
no ip http proxy aaa das-profile
Parameters

<NAME> – DAS profile name, set by the string of up to 31 characters.

Default value

Profile is not specified.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# ip http proxy aaa das-profile my_server
CODE

ip http proxy listen-ports

The command creates a list of TCP ports (in addition to 80 and 8080) for HTTP requests filtering.

The use of a negative (no) form of the command removes a list created before.

Syntax
[no] ip http proxy listen-ports <SERVICE_OBJ_GROUP_NAME>
Parameters

<SERVICE_OBJ_GROUP_NAME> – port profile (object-group service). Set by the string of up to 31 characters.

Default value

80, 8080

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# ip http proxy listen-ports HTTP-ADD
CODE

ip http proxy redirect-port

This command defines the base HTTP Proxy server port on the router. The number of ports used corresponds to the number of processor cores.

The use of a negative form (no) of the command sets the default value.

Syntax
ip http proxy redirect-port <PORT>
no ip http proxy redirect-port
Parameters

<PORT> – port number, set in the range of [1..65535].

Default value

3128

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# ip proxy http redirect-port 3001
CODE

ip http proxy server-url

The command specifies a URL address of a server from which a filtering list will be received.

The use of a negative form (no) of the command removes a specified server URL.

Syntax
[no] ip http proxy server-url <URL>
Parameters

<URL> – URL address of a  resource from which a file containing a filtering list should be downloaded. Set by a string of [8..255] characters.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# ip http proxy server-url http://domain.example
CODE

ip https proxy

The command assigns an HTTP request filtering profile to an interface or a tunnel.

The use of a negative form (no) of the command sets the default value.

Syntax
ip https proxy <NAME>
no ip https proxy
Parameters

<NAME> – profile name. Set by the string of up to 31 characters.

Required privilege level

10

Command mode

CONFIG-GI

CONFIG-TE

CONFIG-SUBIF

CONFIG-QINQ-IF

CONFIG-PORT-CHANNEL

CONFIG-BRIDGE

CONFIG-CELLULAR-MODEM

CONFIG-GRE

CONFIG-IP4IP4

CONFIG-VTI

CONFIG-LT

CONFIG-PPPOE

Example
esr(config-cellular-modem)# ip https proxy HTTPS-BLOCKED
CODE

ip https proxy listen-ports

The command creates a list of TCP ports (in addition to 433) for HTTP requests filtering.

The use of a negative (no) form of the command removes a list created before.

Syntax
[no] ip https proxy listen-ports <SERVICE_OBJ_GROUP_NAME>
Parameters

<SERVICE_OBJ_GROUP_NAME> – port profile (object-group service). Set by the string of up to 31 characters.

Default value

433

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# ip https proxy listen-ports HTTPS-ADD
CODE

ip https proxy redirect-port

This command defines the base HTTPS Proxy server port on the router. The number of ports used corresponds to the number of processor cores.

The use of a negative form (no) of the command sets the default value.

Syntax
ip https proxy redirect-port <PORT>
no ip https proxy redirect-port
Parameters

<PORT> – port number, set in the range of [1..65535].

Default value

3129

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# ip proxy https redirect-port 3001
CODE

urls local

The command adds a local list of URL addresses and actions for this list to a filtering profile.

The use of a negative form (no) of the command sets the default value.

Syntax
urls local <URL_OBJ_GROUP_NAME> action { deny | permit | redirect redirect-url <REDIRECT-URL> }
no urls local
Parameters

<URL_OBJ_GROUP_NAME> – a list of URLs an action will be applied to;

permit – pass http requests to addresses described in the specified URL list;

deny – block http requests to addresses described in the specified URL list;

redirect – redirect requests to addresses described in the specified URL list to a specific url address.

<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.

Required privilege level

15

Command mode

CONFIG-PROFILE

Example
esr(config-profile)# urls local OGU_DENY action deny
CODE

urls remote

The command adds a link to a remote list containing URL addresses and actions applied to this list.

The use of a negative form (no) of the command sets the default value.

Syntax
urls remote <FILE-NAME> action { deny | permit | redirect redirect-url <REDIRECT-URL> }
no urls remote
Parameters

<FILE-NAME> – a name of a file that contains a URL list and is located on a server specified in ip http proxy server-url (see ip http proxy server-url). File name is set by a string of up to 31 characters.

permit – pass http requests to addresses described in the file with specified name;

deny – block http requests to addresses described in the file with specified name;

redirect – redirect requests to addresses described in the file with specified name to a specific url address.

<REDIRECT-URL> – URL address for HTTP requests redirection. Specified in 'redirect' mode only.

Required privilege level

15

Command mode

CONFIG-PROFILE

Example
esr(config-profile)# urls remote http-deny action deny
CODE