Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Restrictions and Precautions

Read this section carefully before you configure URL filtering.

Restrictions

  • URL filtering applies only to HTTP or HTTPS URL requests. To filter HTTPS URL requests, you must also configure the encrypted traffic filtering function of URL filtering.

    Encrypted traffic filtering does not decrypt HTTPS. Instead, it parses packets to obtain the domain name (HOST) of the website that a user wants to access.

    During the TLS negotiation, the Central AP obtains the domain name (HOST) of the website that a user wants to access based on the Server Name field in the ClientHello packet from a client and the Common Name and Subject Alternative Name fields in the Certificate packet from the server. In addition, the Central AP verifies the values of the three fields. The Central AP implements URL filtering only when the verification succeeds.

    Malicious users may tamper with the website information contained in the three fields. When field verification fails as a result, that traffic evades URL filtering, which affects the detection accuracy of the device.

  • Encrypted traffic filtering of URL filtering supports TLS 1.0 and later versions.

  • URL filtering is not supported in direct forwarding mode.
  • The URL filtering function does not support filtering online-proxied URL requests.
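
The following Python sketch is an added example, not Huawei's implementation. It illustrates the field check described in the first restriction: it extracts the Server Name from a ClientHello and accepts the host only when it agrees with the certificate's Common Name or Subject Alternative Name. The matching rule, the function names, and the sample handshake bytes are assumptions constructed for illustration.

```python
import struct

def parse_sni(record: bytes):
    """Return the host_name in a ClientHello's server_name extension, or None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:   # handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
        p += 1 + record[p]            # session_id
        p += 2 + struct.unpack_from("!H", record, p)[0]   # cipher_suites
        p += 1 + record[p]            # compression_methods
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, p)
            p += 4
            if etype == 0:            # list_len(2) name_type(1) name_len(2) name
                nlen = struct.unpack_from("!H", record, p + 3)[0]
                name = record[p + 5:p + 5 + nlen]
                return name.decode("ascii").lower() if nlen and len(name) == nlen else None
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                          # truncated or malformed handshake
    return None

def name_matches(host: str, pattern: str) -> bool:
    """Exact match, or a leftmost-label wildcard such as *.example.com."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def verified_host(client_hello: bytes, cert_cn, cert_sans):
    """Host to hand to URL filtering, or None when the three fields disagree
    (assumed rule: the SNI must match the certificate's CN or one SAN)."""
    sni = parse_sni(client_hello)
    names = list(cert_sans) + ([cert_cn] if cert_cn else [])
    return sni if sni and any(name_matches(sni, n) for n in names) else None

def build_client_hello(host: str) -> bytes:
    """Constructed sample: a minimal ClientHello carrying only an SNI extension."""
    n = host.encode()
    ext = struct.pack("!HHHBH", 0, len(n) + 5, len(n) + 3, 0, len(n)) + n
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A `None` result corresponds to the verification failure described above. Applying the same check to captured handshakes gives a count of the HTTPS sessions that URL filtering cannot classify.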

Precautions

  • The URL filtering function takes effect for all URL requests, including the web pages accessible to users and all website links on a web page. Generally, URL filtering rules take effect only for the URLs of web pages. To limit the website links on web pages, configure separate URL filtering rules.

  • If a URL rule contains a number sign (#), the # and the string that follows it are ignored during rule matching. If the URL that a user accesses contains #, the # and the string that follows it are not sent to the URL module for URL matching.

  • If the Central AP is deployed between two routers that detect each other through BFD, you are advised to increase the BFD time (longer than 100 ms is recommended) to prevent BFD flapping caused by occasional network congestion.
Updated: 2019-01-11

Document ID: EDOC1000176006
