H3C SecPath Series Command Reference Manual

High-end firewalls attack protection

H3C SecPath Series High-End Firewalls
Attack Protection Command Reference
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: SECPATH1000FE&SECBLADEII-CMW520-R3166
SECPATH5000FA-CMW520-R3206
Document version: 6PW107-20120703

Summary of Contents for H3C SecPath Series

  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners. Notice: The information in this document is subject to change without notice.
  • Page 3 Preface The H3C SecPath Series High-End Firewalls command references describe the commands and command syntax options available for the H3C SecPath Series High-End Firewalls. The Attack Protection Command Reference describes the ARP and web filtering commands. This preface includes: •...
  • Page 4 Convention / Description: A line that starts with a pound (#) sign is a comment. GUI conventions (Convention / Description): Boldface: Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK. >: Multi-level menus are separated by angle brackets.
  • Page 5 Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...
  • Page 6 Technical support: service@h3c.com, http://www.h3c.com. Documentation feedback: You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 7: Table Of Contents

    Contents
    ARP attack defense configuration commands
    ARP automatic scanning and fixed ARP configuration commands
    arp fixup
    arp scan
    Web filtering configuration commands
    display firewall http activex-blocking
    ...
  • Page 8: Arp Attack Defense Configuration Commands

    ARP attack defense configuration commands
    ARP automatic scanning and fixed ARP configuration commands
    arp fixup
    Syntax: arp fixup
    View: System view
    Default level: 2: System level
    Parameters: None
    Description: Use the arp fixup command to change dynamic ARP entries into static ARP entries. Note the following:
    • The static ARP entries changed from dynamic ARP entries have the same attributes as the static ARP...
  • Page 9: Arp Scan

    arp scan
    Syntax: arp scan [ start-ip-address to end-ip-address ]
    View: Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, VLAN interface view
    Default level: 2: System level
    Parameters:
    start-ip-address: Start IP address of the scanning range.
    end-ip-address: End IP address of the scanning range. The end IP address must be higher than or equal to the start IP address.
  • Page 10: Web Filtering Configuration Commands

    Web filtering configuration commands
    NOTE: The file name conventions in this document are as follows:
    • Full file name: File path plus file name, a case-insensitive string of 1 to 135 characters excluding the end character.
    • File name: File name without file path, a case-insensitive string of 1 to 91 characters excluding the end character.
  • Page 11: Display Firewall Http Java-Blocking

    .vbs
    Table 1 Output description (Field: Description)
    Serial number
    Match-Times: Number of times that a suffix keyword is matched
    Keywords: ActiveX blocking suffix keyword
    # Display detailed ActiveX blocking information.
    <Sysname> display firewall http activex-blocking verbose
    ActiveX blocking is enabled.
    No ACL group has been configured.
  • Page 12: Display Firewall Http Url-Filter Host

    Match-Times Keywords
    ----------------------------------------------
    .CLASS
    .JAR
    .java
    Table 2 Output description (Field: Description)
    Serial number
    Match-Times: Number of times that the suffix keyword has been matched
    Keywords: Java blocking suffix keyword
    # Display detailed information about Java blocking.
    <Sysname> display firewall http java-blocking verbose
    Java blocking is enabled.
  • Page 13: Display Firewall Http Url-Filter Parameter

    <Sysname> display firewall http url-filter host item ^webfilter$
    The HTTP request packet including "^webfilter$" had been matched for 10 times.
    # Display URL address filtering information about all filtering entries.
    <Sysname> display firewall http url-filter host all
    Match-Times Keywords
    ----------------------------------------------
    ^webfilter$
    Table 3 Output description
    Field...
  • Page 14
    Description: Use the display firewall http url-filter parameter command to display information about URL parameter filtering. If no parameters are specified, the command displays brief information about URL parameter filtering.
    Examples:
    # Display brief information about URL parameter filtering.
    <Sysname> display firewall http url-filter parameter
    URL-filter parameter is enabled.
  • Page 15: Firewall Http Activex-Blocking Acl

    firewall http activex-blocking acl
    Syntax:
    firewall http activex-blocking acl acl-number
    undo firewall http activex-blocking acl
    View: System view
    Default level: 2: System level
    Parameters: acl-number: ACL number, in the range 2000 to 3999.
    Description: Use the firewall http activex-blocking acl command to specify an ACL for ActiveX blocking. Use the undo firewall http activex-blocking acl command to cancel the configuration.
  • Page 16: Firewall Http Activex-Blocking Suffix

    Description: Use the firewall http activex-blocking enable command to enable the ActiveX blocking function and add the default blocking keyword ‘.ocx’ to the ActiveX blocking suffix list. Use the undo firewall http activex-blocking enable command to disable the ActiveX blocking function. By default, the ActiveX blocking function is disabled.
  • Page 17: Firewall Http Java-Blocking Enable

    View: System view
    Default level: 2: System level
    Parameters: acl-number: ACL number, in the range 2000 to 3999.
    Description: Use the firewall http java-blocking acl command to specify an ACL for Java blocking. Use the undo firewall http java-blocking acl command to cancel the configuration. By default, no ACL is specified for Java blocking.
  • Page 18: Firewall Http Java-Blocking Suffix

    Examples:
    # Enable the Java blocking function.
    <Sysname> system-view
    [Sysname] firewall http java-blocking enable

    firewall http java-blocking suffix
    Syntax:
    firewall http java-blocking suffix keywords
    undo firewall http java-blocking suffix keywords
    View: System view
    Default level: 2: System level
    Parameters: keywords: Blocking suffix keyword, a case-insensitive string of 1 to 9 characters. It must start with a dot “.”...
  • Page 19: Firewall Http Url-Filter Host Default

    Parameters: acl-number: ACL number, in the range 2000 to 3999.
    Description: Use the firewall http url-filter host acl command to specify an ACL for URL address filtering. Use the undo firewall http url-filter host acl command to cancel the configuration. By default, no ACL is specified for URL address filtering.
  • Page 20: Firewall Http Url-Filter Host Enable

    <Sysname> system-view
    [Sysname] firewall http url-filter host default permit

    firewall http url-filter host enable
    Syntax:
    firewall http url-filter host enable
    undo firewall http url-filter host enable
    View: System view
    Default level: 2: System level
    Parameters: None
    Description: Use the firewall http url-filter host enable command to enable the URL address filtering function. Use the undo firewall http url-filter host enable command to disable the URL address filtering function.
  • Page 21: Firewall Http Url-Filter Host Load

    This configuration takes effect only after the URL address filtering function is enabled.
    Related commands: firewall http url-filter host enable, display firewall http url-filter host.
    Examples:
    # Configure to permit Web requests using IP addresses for access to websites.
    <Sysname> system-view
    [Sysname] firewall http url-filter host ip-address permit

    firewall http url-filter host load
    Syntax...
  • Page 22: Firewall Http Url-Filter Host Url-Address

    Description: Use the firewall http url-filter host save command to save the URL address filtering entries to a specified file in text format.
    Examples:
    # Save all the URL address filtering entries into a file.
    <Sysname> system-view
    [Sysname] firewall http url-filter host save cfa0:/urlfilter

    firewall http url-filter host url-address
    Syntax: firewall http url-filter host url-address { deny | permit } url-address...
  • Page 23: Firewall Http Url-Filter Parameter

    standalone webfilter like www.webfilter.com; it does not match website addresses like www.webfilter-china.com.
    • A filtering entry with neither “^” at the beginning nor “$” at the end indicates a fuzzy match, and matches website addresses containing the keyword.
    • If “*” is present at the beginning of a filtering entry, it must be present in the format like *.xxx, where...
  • Page 24: Firewall Http Url-Filter Parameter Enable

    Table 7 Meanings of wildcards (columns: Wildcard, Meaning, Usage guidelines)
    Meaning: Matches parameters starting with the keyword. Usage guidelines: It can be present once at the beginning of a filtering entry.
    Meaning: Matches parameters ending with the keyword. Usage guidelines: It can be present once at the end of a filtering entry.
    Usage guidelines: It can be present multiple times at any position of a filtering entry, consecutively or inconsecutively, and...
  • Page 25: Firewall Http Url-Filter Parameter Load

    Description: Use the firewall http url-filter parameter enable command to enable the URL parameter filtering function. Use the undo firewall http url-filter parameter enable command to disable the URL parameter filtering function. By default, the URL parameter filtering function is disabled.
    Related commands: display firewall http url-filter parameter.
  • Page 26: Reset Firewall Http

    Parameters: file-name: Name of the file for storing the parameter filtering entries. The name must contain the file path.
    Description: Use the firewall http url-filter parameter save command to save all the parameter filtering entries (including the default ones) into a specified file.
    Examples:
    # Save all the parameter filtering entries into a file.
  • Page 27: Index

    Index
    A D F R
    firewall http java-blocking suffix, 11
    firewall http url-filter host acl, 11
    fixup, 1
    firewall http url-filter host default, 12
    scan, 2
    firewall http url-filter host enable, 13
    firewall http url-filter host ip-address, 13
    firewall http url-filter host load, 14
    display firewall http activex-blocking, 3
    firewall http url-filter host save, 14...
