Configuring local URL-list filtering

To configure the system for local URL-list filtering, the operator needs to:

Use the following CLI syntax to create a URL-list:

config>app-assure>group# url-list <url-list-name> [create]
    description <description-string>
    no description
    decrypt-key <key | hash-key | hash2-key> [hash | hash2 |custom]
    no decrypt-key
    file <file-url> 
    no file
    [no] shutdown
    size <url-list-size>
    [no] expression-match
    [standard | extended] - Default : standard

Wildcards are supported on hostname entries. To enable wildcard support, the url-list must have expression-match (in config>app-assure-group>url-list) enabled (the default is disabled). An entry may contain the following:

The same capabilities with those described in Application Filters section are provided.

When expression-match is set to enabled, the list should contain hostnames only, with wildcards.

The decryption key is optional. If the decryption key is not specified, the system assumes that the file is not encrypted. To encrypt a file in Linux using the supported encryption format, use the following command:

Linux# openssl des3 -nosalt -in <input-file.txt> -out <output.enc>

The following example displays a URL list configuration:

A:7750>config>app-assure>group# url-list url-list1 create
----------------------------------------------
                description "Local List for URL Filtering"
                decrypt-key ".i84/P1uS0lMGoQkae7mAV2Oj10n726Z" hash2
                file "cf3:\url-list1.enc"
                no shutdown
----------------------------------------------

Use the following CLI syntax to create a url-filter policy for local-filtering:

config>app-assure>group# url-filter <url-filter-name> [create]
    url-filter <url-filter-name> [create]
    description <description-string>
    no description
    default-action {allow | block-all | block-http-redirect <redirect-name>}
    no default-action
    [no] http-redirect <redirect-name>
    http-request-filtering {all | first}
    [no] apply-function-specific-behavior
    local-filtering 
        deny-list <url-list-name>
            default-action {allow | block-all | block-http-redirect <redirect-name>}
            no default-action
            [no] http-redirect <redirect-name>
        [no] allow-list <url-list-name>
    [no] shutdown

The following example displays a deny-list URL filter configured for local-filtering:

A:7750>config>app-assure>group# url-filter "url-denylist1" create
A:7750>config>app-assure>group>url-filter# info
----------------------------------------------
apply-function-specific-behavior
local-filtering
  default-action allow
  http-redirect "http-redirect-portal"
  deny-list "url-list1"
exit
no shutdown
----------------------------------------------

The default action should always be configured to ‟allow” when the url-filter is configured for local-filtering. The default-action in this context represents the action the system takes in case the local-list file is not accessible; this scenario may happen if the source file was corrupted or if the compact flash card was not accessible.

The following example displays the AQP entry to enable ICAP url-filtering for opted-in subscribers based on ASO characteristics:

A:7750>config>app-assure>group>policy>aqp# entry 100 create 
        match
            characteristic "child-protection" eq "yes"
        exit
        action
            url-filter "url-blacklist1"
        exit
        no shutdown