Invalid Blocking Suffix; Acl Configuration Failed - HP 6600 Security Configuration Manual

Table 46 Wildcards for URL parameter filtering entries
Wildcard
^
$
&
*
Solution
Use the wildcards correctly according to the above principles.

Invalid blocking suffix

Symptom
When you configure a Java blocking suffix keyword or ActiveX blocking suffix keyword, the system
prompts you that there are invalid suffix keywords.
Analysis
A blocking suffix requires a dot (.) as part of it. If no dot or multiple dots are configured, the configuration
fails.
Solution
Configure a suffix keyword according to the description in the analysis.

ACL configuration failed

Symptom
An ACL rule uses the IP address of a host in the internal network as the source address and permits
requests from the host. The ACL is referenced for URL address filtering, Java blocking or ActiveX blocking,
but it does not work.
Analysis
For URL address filtering, Java blocking and ActiveX blocking, ACLs permit access to servers in external
networks rather than hosts in the internal network. This is because the internal network is assumed to be
trusted.
Solution
Specify the IP address of the server in the external network as the source IP address in the ACL rule.
Meaning
Matches parameters starting with the
keyword
Matches parameters ending with the
keyword
Stands for one valid character
Stands for a string of up to 4 valid
characters, including spaces
476
Usage guidelines
Can be present once at the beginning of a
filtering entry.
It can be present once at the end of a filtering
entry.
It can be present multiple times at any position
of a filtering entry, consecutively or
inconsecutively, and cannot be used next to an
asterisk (*). If it is present at the beginning or
end of a filtering entry, it must be next to a
caret (^) or a dollar sign ($).
It can be present once in the middle of a
filtering entry.