Chapter 40 Reputation Filter
ZyWALL Series CLI Reference Guide
336
40.3.3 URL Threat Filter External Black List
The following table describes the commands for enabling and configuring an external database of
blacklisted URLs. The Zyxel Device blocks incoming and outgoing packets from the addresses in this file.
• The external black list file must be in text format (*.txt) with each entry separated by a new line.
• The external black list file must be stored on a web server that supports HTTP or HTTPS, and that is
reachable from the Zyxel Device.
• Each entry consists of a URL, domain name, or domain name with wildcard *. For example:
https://www.zyxel.com/products_services/smb.shtml?t=s
www.zyxel.com
*.zyxel.*
• The external black list file can contain a maximum of 50,000 entries.
threat-website profile
<profile name> action
{block | pass | warn}
Sets what action the Zyxel Device takes when it detects a connection
attempt to or from the web pages of the specified categories.
block: The Zyxel Device blocks access to the web pages that match the
categories that you specified.
pass: The Zyxel Device allows access to the web pages that match the
categories that you specified.
warn: The Zyxel Device displays a warning message to the person trying to
access a website in the profile before allowing users to access web pages
that match the categories that you specified.
[no] threat-website profile
<profile name> description
<description>
Adds a description to the profile.
[no] threat-website profile
<profile name> {forbid |
trust| ebl}
Enables or disables the the black list (forbid), the whitelist (trust) and the
external black list (ebl) for this profile.
[no] threat-website profile
<profile name> log
Set whether the Zyxel Device should create a log message if it detects a
hit.
[no] threat-website profile
<profile name> category
{anonymizers | malware |
botnets | phishing
| browser-exploits |
phishing-fraud |
compromised | spam-sites |
malicious-downloads | spam-
urls | malicious-sites |
spyware-adware-keyloggers}
The profile blocks the specified web page categories. The no command
unblocks the specified category.
For compatibility, legacy categories are still included as options and map
to the following new categories:
• phishing-fraud -> phishing
• spam-sites -> spam-urls
• compromised, malware, botnets -> malicious-sites
Table 182 URL Threat Filter Profile Commands
COMMAND DESCRIPTION
To Next Page
Loading...
