Filter Web-Access Uri-Acl - H3C MSR Series Command Reference Manual

Comware 7 security

Default
A user can access only the Web resources in the URL list authorized to the user.
Views
SSL VPN policy group view
Predefined user roles
network-admin
Parameters
ipv6: Specifies an IPv6 ACL. Do not configure this keyword if you want to specify an IPv4 ACL.
acl advanced-acl-number: Specifies an advanced ACL by its number in the range of 3000 to 3999. If
a rule in the specified ACL contains VPN settings, the rule does not take effect.
Usage guidelines
You can specify both an advanced ACL and a URI ACL for Web access filtering.
The SSL VPN gateway uses the following procedure to determine whether to forward a Web access request:
1. Matches the request against the authorized URL list:
   - If the request matches a URL entry in the list, the gateway forwards the request.
   - If the request does not match any URL entries in the list, the gateway proceeds to step 2.
2. Matches the request against rules in the URI ACL:
   - If the request matches a permit rule, the gateway forwards the request.
   - If the request matches a deny rule, the gateway drops the request.
   - If the request does not match any rules in the URI ACL or if no URI ACL is available, the gateway proceeds to step 3.
3. Matches the request against rules in the advanced ACL:
   - If the request matches a permit rule, the gateway forwards the request.
   - If the request matches a deny rule, the gateway drops the request.
   - If the request does not match any rules in the advanced ACL or if no advanced ACL is available, the gateway drops the request.
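The procedure above, modeled as an added Python example (not H3C code and not part of the manual) for checking which step decides a given request when auditing a policy group. The matching semantics are assumptions: URL list entries are treated as prefixes, URI ACL rules as wildcard patterns evaluated first-match, and advanced ACL rules are reduced to destination network and port; all sample values are constructed.

```python
import fnmatch
import ipaddress

# Constructed sample policy; every URL, pattern and address is illustrative.
URL_LIST = ["http://intranet.example.com/wiki/"]
URI_ACL = [  # (action, pattern); first matching rule decides (assumption)
    ("deny", "http://intranet.example.com/admin/*"),
    ("permit", "http://intranet.example.com/*"),
]
ADV_ACL = [  # (action, destination network, destination port or None for any)
    ("permit", "10.1.1.0/24", 80),
    ("deny", "10.1.0.0/16", None),
]

def first_match(rules, matches):
    """Return the action of the first rule that matches, or None."""
    for action, *criteria in rules:
        if matches(*criteria):
            return action
    return None

def decide(url, dst_ip, dst_port, url_list=URL_LIST, uri_acl=URI_ACL, adv_acl=ADV_ACL):
    """Return (verdict, deciding step) for one Web access request."""
    # Step 1: a hit in the authorized URL list forwards immediately.
    if any(url.startswith(entry) for entry in url_list):
        return ("forward", "url-list")
    # Step 2: URI ACL; no match or no URI ACL falls through to step 3.
    action = first_match(uri_acl or [], lambda pat: fnmatch.fnmatchcase(url, pat))
    if action:
        return ("forward" if action == "permit" else "drop", "uri-acl")
    # Step 3: advanced ACL; no match or no advanced ACL means drop.
    addr = ipaddress.ip_address(dst_ip)
    action = first_match(
        adv_acl or [],
        lambda net, port: addr in ipaddress.ip_network(net) and port in (None, dst_port),
    )
    if action:
        return ("forward" if action == "permit" else "drop", "advanced-acl")
    return ("drop", "default")
```

Because the URL list is checked first, a URI ACL deny rule never blocks a URL that the authorized list already covers, and a URI ACL deny rule in turn hides any advanced ACL permit rule for the same request.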
You can specify an IPv4 ACL, IPv6 ACL, or both by using this command, but you cannot specify
multiple IPv4 ACLs or IPv6 ACLs. If you specify IPv4 or IPv6 ACLs multiple times, the most recent
IPv4 or IPv6 ACL configuration takes effect.
Examples
# Configure policy group pg1 to use IPv4 ACL 3000 and IPv6 ACL 3500 for Web access filtering.
<Sysname> system-view
[Sysname] sslvpn context ctx1
[Sysname-sslvpn-context-ctx1] policy-group pg1
[Sysname-sslvpn-context-ctx1-policy-group pg1] filter web-access acl 3000
[Sysname-sslvpn-context-ctx1-policy-group pg1] filter web-access ipv6 acl 3500
Related commands

filter web-access uri-acl

filter web-access uri-acl
Use filter web-access uri-acl to specify a URI ACL for Web access filtering.
Use undo filter web-access uri-acl to remove the URI ACL configuration for Web access filtering.