You configure content filtering rules at the security-policy content-filtering level. For more details on the command structure, see Configuring Rules Using UPL.
|
Parameter |
Description |
|---|---|
|
PASS DENY WARNING |
Rule action:
|
|
enabled |
Enable/disable a rule:
|
|
name |
The name of the rule. Example: name("Content filtering rule example"). |
|
desc |
A description of the rule. Example: desc("Content filtering rule example set via CLI"). |
|
rule_log |
Log traffic information if the rule is triggered. The available options are:
|
|
scenario |
Scenario that needs to be active for the rule to trigger. To specify a scenario: scenario = "Example of a scenario". For more details on configuring scenarios, see Configuring scenarios. |
|
virus_usergate |
UserGate stream virus check. Required if the selected action is Deny. Enumerated options:
|
|
Block page |
Select a block page. If no page is specified, a default page template is used. Specify the block page in parentheses after the action, e.g. DENY("Blockpage (AE)"). For more details on configuring block pages, see Configuring response pages. To specify an external page, provide an external URL: redirect(302, "http://www.example.com"). |
|
src.zone |
Traffic source zone. To specify a source zone, such as Trusted: src.zone = Trusted. For more details about configuring zones using the CLI, see Zones. |
|
src.ip |
Add source IP address or domain lists. Example for IP addresses: src.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see Configuring IP addresses. Example for domains: src.ip = lib.url(). Specify the URL to which necessary domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists. |
|
src.geoip |
Source GeoIP. Specify a country code (for example, src.geoip = AE). Click here for the list of ISO 3166-1 country codes. Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15. |
|
user |
Users and user groups for which the content filtering rule applies (local or LDAP). To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see Configuring LDAP connectors). The following line describes how to add a local user (local_user) and group (Local Group), a user (example.local\AD_user), and an LDAP group (AD group):
user = (local_user, "CN=Local Group, DC=LOCAL", "example.loc\\AD_user", "CN=AD group, OU=Example, DC= example, DC=loc"The Active Directory domain example.loc has been already configured. When adding LDAP users and groups, you can specify a list of paths on the server, starting from which the system will search for users and groups. |
|
dst.zone |
Traffic destination zone, e.g. dst.zone = Untrusted. For more details about configuring zones using the CLI, see Zones. |
|
dst.ip |
Add lists of destination IP addresses or domains. To specify an IP address list: dst.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see Configuring IP addresses. To specify a domain list: dst.ip = lib.url(). Specify the URL to which the necessary domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists. |
|
dst.geoip |
Destination GeoIP. Specify a country code (for example, dst.geoip = AE). Click here for the list of ISO 3166-1 country codes. Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15. |
|
service |
Service type. You can specify a service or a services group (for more details, see Configuring services and Configuring service groups). To specify a single service: service = "service name". To specify multiple services: service = (service-name1, service-name2, ...). To specify a services group: service = lib.service(). Provide the services group name in parentheses. |
|
category |
Lists of categories and URL filtering categories for which the rule will be applied. You need to have the appropriate license for URL filtering. To specify a URL category list: category = lib.category(). Specify the URL category list name in parentheses. For more details about how to create and configure URL categories using CLI, see Configuring URL categories. To specify a URL category: category = "URL category name". |
|
url |
The URL lists to which the rule will be applied. To specify a URL list: url = lib.url(). Specify a URL list name in parentheses. For more details about creating and configuring URL lists, see Configuring URL lists. |
|
response.header.Content-Type |
Lists of content types to which the rules will be applied. To specify a content type list: response.header.Content-Type = lib.mime(). Provide the name for the content type list in parentheses. For more details about how to create and configure lists using CLI, see Configuring content types. |
|
morphology |
The list of morphological dictionary databases that will be used to check webpages. To specify the list of morphology databases: morphology = lib.morphology(). Provide the list name in parentheses. For more details about how to create and configure your own lists using CLI, see Configuring morphology. |
|
request.header.User-Agent |
The user browser useragents for which this rule will be applied. To specify a useragent: request.header.User-Agent = lib.useragent(). Provide the useragent browser category in parentheses. For more details about how to create and configure your own lists using CLI, see Configuring useragents. |
|
http.method |
Method used in HTTP requests. Example: http.method = GET. |
|
request.header.Referer |
A list of URLs of referrers for the current page, or the URL category to which the referrer belongs. To specify a URL list or category: request.header.Referer = lib.url() (provide the list name in parentheses) or request.header.Referer = "URL category" For more details about how to configure URL lists using CLI, see Configuring URL lists. For more details about URL categories, see Configuring URL categories. |
|
time |
Set a schedule for a rule. To set a schedule: time = lib.time(). Specify a time set group name in parentheses. For more details on configuring time sets, see Configuring time sets. |