Filter
Top Products
2001
java-blocking: Blocks the Java Applets of packets to the specified network
segment, applicable to HTTP only.
acl-number: Basic ACL number, in the range 2,000 to 2,999.
seconds: Configures the protocol idle timeout period, in seconds. The effective
range is 5 to 43,200.
Description Use the
detect command to configure ASPF detection for the application layer
protocol or transport layer protocol.
Use the
undo detect command to remove the configuration.
By default, the timeout period for an application layer protocol is 3,600 seconds,
the TCP-based timeout period is 3,600 seconds, and the UDP-based timeout
period is 30 seconds.
Note that:
■ If the protocol type is HTTP, Java blocking is allowed.
■ If application layer protocol detection and general TCP/UDP detection are both
enables, application layer protocol detection is given priority over general
TCP/UDP detection.
■ ASPF uses timeouts to manage the session status information of a protocol so
as to determine when to terminate the status information management of a
session or when to delete a session that cannot be normally established. As a
global configuration, the setting of a timeout applies to all sessions to protect
system resources from being maliciously seized.
■ A protocol idle timeout setting specified using the detect command has
priority over a timeout setting specified using the aging-time command.
Related command: display aspf all, display aspf policy, display aspf session, and display aspf
interface.
Example # Specify ASPF policy 1 for the FTTP protocol, enable Java blocking, and configure
ACL 2000 so that the ASPF policy can filter Java applets from the server 10.1.1.1.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 10.1.1.1 0
[Sysname-acl-basic-2000] rule deny source any
[Sysname-acl-basic-2000] quit
[Sysname] aspf-policy 1
[Sysname-aspf-policy-1] detect http java-blocking 2000
display aspf all
Syntax display aspf all
View Any view