24 Release Note
Software Release 2.3.1
C613-10325-00 REV B
Figure 6: Example of a HTTP filter file.
HTTP Cookies
By default, HTTP cookie requests are allowed to pass through the HTTP proxy
configured under the firewall policy. To discard cookie sets from particular
domains or URLs, put entries in the filter file for the direction in which you
want to filter, as described above. To configure the HTTP proxy to discard all
HTTP cookie sets from all responses, use the command:
DISABLE FIREWALL POLICY=name HTTPCOOKIES
where:
■
name is a character string, 1 to 15 characters in length. Valid characters are
letters (a-z, A-Z), digits (0-9) and the underscore character (“_”).
The POLICY parameter specifies the name of the firewall policy for which
cookie requests are to be disabled. The policy must already exist.
# The keywords section starts with the string “keywords:”.
keywords:
# The keywords can match any part of the URL. URLs containing these entries will
# be denied unless specifically allowed by an entry later in the file.
sex
plants
toys
.nz
# Putting a * in front of the keyword indicates that the string must appear at
# the end of the URL, for the URL to be denied. The following entry would match
www.anything.com/this/is/an/example, but not www.example.com
*example
# The * operator can be used to specify the type of file.
*.mp3
*.jpg
# The URLs section starts with the string “URLS:”, and specifies particular URLs
# to deny, allow or cookie filter.
URLS:
# If no explicit deny is put on the end then the URL is denied.
# Note the implicit /* on the end of the domain.
www.plant.com
www.nude.com
# Specific sections of websites can be matched. The sections must be complete
# folder/directory names, so the following entry would match
# www.hacker.com/dosAttack/dos.html but not www.hacker.com/dosAttacks/dos.html
www.hacker.com/dosAttack
# The “nocookies” option denies cookie requests from the domain, and makes an
# implicit allow.
www.acompany.com: nocookies
# The “allow” option can be used to override general URL exclusions.
www.nude.com/this/is/not/porn : allow
# The “allow” option can also be used to override general keyword exclusions.
www.sexy.plants.com : allow
# The “allow” and “nocookies” options can be combined to allow a URL that is
# forbidden by the keywords, but deny cookie requests.
www.acompany.co.nz : allow nocookies