No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring URL Filtering

Configuring URL Filtering

Creating an Attack Defense Profile

Context

As the network develops continuously, there are various types of potential risks such as Trojan horses, worms, and viruses in packets. After an attack defense profile is created, various security functions are available, such as URL filtering.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    defence-profile name profile-name

    An attack defense profile is created and the attack defense profile view is displayed.

    By default, no attack defense profile is created.

Configuring URL Filtering

Context

The URL blacklist and whitelist are applicable to the following scenarios. Configure a URL blacklist and a URL whitelist as required.

  • You can configure a URL blacklist to prevent users from accessing the specified URLs.
  • You can configure a URL whitelist to allow users to access the specified URLs.
After URL filtering is configured on a device, the device processes URL information as follows:
  1. Match URL information with entries in the URL whitelist.
    • If any entry in the URL whitelist is matched, the device allows users to access the specified URLs.
    • If no entry in the URL whitelist is matched, the device performs the next check item.
  2. Match URL information with entries in the URL blacklist.
    • If any entry in the URL blacklist is matched, the device prevents users from accessing the specified URLs.
    • If no entry in the URL blacklist is matched, the configured URL filtering function does not take effect. Packets are processed according to the normal process.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    profile type url-filter name profile-name

    A URL filtering profile is created and its view is displayed.

    By default, no URL filtering profile is created.

  3. Add URLs to the blacklist or whitelist in the URL filtering profile.

    • Run the blacklist url name url-name command to add a URL to the blacklist.

      By default, no blacklist rule is added to a URL filtering profile.

    • Run the whitelist url name url-name command to add a URL to the whitelist.

      By default, no whitelist rule is added to a URL filtering profile.

  4. Run:

    default-action { allow | block }

    The default action is configured in the URL filtering profile.

    By default, the default action in a URL filtering profile is allow.

    The default action is performed if a URL does not match any URL in the blacklist or whitelist or any URL locally buffered.

Follow-up Procedure

  • Run the display url-filter-profile { all | name profile-name } command to check information about the URL filtering profile.

Applying the Configuration

Context

After a URL filtering profile is created, you need to bind it to an attack defense profile and then bind the attack defense profile to a VAP profile, user group, or interface to make the application take effect.

Procedure

  1. Bind a URL filtering profile to an attack defense profile.
    1. Run the system-view command to enter the system view.
    2. Run the defence-profile name profile-name command to enter the attack defense profile view.
    3. Run the profile type url-filter name command to bind a URL filtering profile to an attack defense profile.

      By default, no URL filtering profile is bound to an attack defense profile.

    4. Run the quit command to return to the system view.
  2. Bind the attack defense profile to a VAP profile, or a user group.

    • VAP profile:

      1. Run the wlan command to enter the WLAN view.
      2. Run the vap-profile name profile-name command to enter the VAP profile view.
      3. Run the defence-profile profile-name command to bind the attack defense profile to a VAP profile.

        By default, no attack defense profile is bound to a VAP profile.

    • User group:

      1. Run the user-group group-name command to enter the user group view.
      2. Run the defence-profile profile-name command to bind the attack defense profile to a user group.

        By default, no attack defense profile is bound to a user group.

Checking the Configuration
  • Run the display defence-profile { all | name profile-name } command to check information about the attack defense profile.
  • Run the display references defence-profile name profile-name command to check reference information about the attack defense profile.
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 119156

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next