Chapter 43 Content Filtering
ZyWALL Series CLI Reference Guide
371
content-filter url-server test
Firmware v4.55 or later
Enters the sub-command mode for testing URLSs with the
Web Content Filter.
url [timeout query_timeout]
Checks which Web Content Filter category a web page
belongs to. Enter the page’s full URL including the protocol,
for example: http://www.zyxel.com.tw.
The query fails if the content filter is not active.
timeout: Specify how long to wait for a response from the
Web Content Filter server, in seconds.
exit
Leaves the sub-command mode.
content-filter common-list
{trust|forbid}
Enters the sub-command for configuring a common list of
trusted or forbidden web sites.
The Web Content Filter profile commands let you configure
trusted or forbidden URLs for individual profiles. URL checking
is applied in the following order: profile trusted web sites,
common trusted web sites, profile forbidden web sites,
common forbidden web sites, and then profile keywords.
[no] {ipv4 | ipv4_cidr |
ipv4_range | wildcard_domainname
| tld |ipv6 | ipv6_range |
ipv6_prefix }
Adds or removes a common trusted or forbidden web site
entry.
ipv4: IPv4 address <W.X.Y.Z>
• ipv4_cidr: IPv4 subnet in CIDR format, i.e. 192.168.1.0/32
<W.X.Y.Z>/<1..32>
ipv4_range: Range of IPv4 addresses. <W.X.Y.Z>-<W.X.Y.Z>
wildcard_domainname: Wildcard domain name, in the
format String1.String2. For example: zyxel*.co*
• String 1 must consist of 1–63 characters, and may include
letters, numbers, and the following special characters: -
(hyphen), . (period), * (wildcard character).
• String 2 must consist of 1–63 characters, and may include
letters, numbers, and the following special characters: -
(hyphen), * (wildcard character).
tld: top level domain.
ipv6: IPv6 address, i.e. 2001::1
ipv6_range: Range of IPv6 address, < IPv6 Address >-< IPv6
Address >
ipv6_prefix: IPv6 prefix formant, <
IPv6 Address>/<Prefix
Length>
exit
Leaves the sub-command mode.
content-filter cf-queue flush
Clears content filter queuing packets.
[no] content-filter https-domain-
filter activate
Enables HTTPs Domain Filter which lets the ZyWALL/USG take
action on HTTPS web pages using the category service. In an
HTTPS connection, the Zyxel Device can extract the Server
Name Indication (SNI) from a client request, check if it
matches a category in the Web Content Filter and then take
appropriate action. The keyword match is for the domain
name only.
The
no command disables the HTTPs Domain Filter.
Table 206 content-filter General Commands (continued)
COMMAND DESCRIPTION
To Next Page
Loading...
