To configure the system for local URL-list filtering, the operator needs to:
Create a URL-list policy referencing a valid file located on the compact flash.
Create a url-filter policy for local-filtering by referencing this URL-list.
Create an AQP to apply this url-filter policy.
Use the following CLI syntax to create a URL-list:
config>app-assure>group# url-list <url-list-name> [create]
description <description-string>
no description
decrypt-key <key | hash-key | hash2-key> [hash | hash2 |custom]
no decrypt-key
file <file-url>
no file
[no] shutdown
size <url-list-size>
[no] expression-match
[standard | extended] - Default : standard
Wildcards are supported on hostname entries. To enable wildcard support, the url-list must have expression-match (in config>app-assure-group>url-list) enabled (the default is disabled). An entry may contain the following:
head anchors character set [^ *]
tail anchors character set [$ *]
mid expression character set [\d \I \. \**]
hex escape characters [\x00-\xFF]
The same capabilities with those described in Application Filters section are provided.
When expression-match is set to enabled, the list should contain hostnames only, with wildcards.
The decryption key is optional. If the decryption key is not specified, the system assumes that the file is not encrypted. To encrypt a file in Linux using the supported encryption format, use the following command:
Linux# openssl des3 -nosalt -in <input-file.txt> -out <output.enc>
The following example displays a URL list configuration:
A:7750>config>app-assure>group# url-list url-list1 create
----------------------------------------------
description "Local List for URL Filtering"
decrypt-key ".i84/P1uS0lMGoQkae7mAV2Oj10n726Z" hash2
file "cf3:\url-list1.enc"
no shutdown
----------------------------------------------
Use the following CLI syntax to create a url-filter policy for local-filtering:
config>app-assure>group# url-filter <url-filter-name> [create]
url-filter <url-filter-name> [create]
description <description-string>
no description
default-action {allow | block-all | block-http-redirect <redirect-name>}
no default-action
[no] http-redirect <redirect-name>
http-request-filtering {all | first}
[no] apply-function-specific-behavior
local-filtering
deny-list <url-list-name>
default-action {allow | block-all | block-http-redirect <redirect-name>}
no default-action
[no] http-redirect <redirect-name>
[no] allow-list <url-list-name>
[no] shutdown
The following example displays a deny-list URL filter configured for local-filtering:
A:7750>config>app-assure>group# url-filter "url-denylist1" create
A:7750>config>app-assure>group>url-filter# info
----------------------------------------------
apply-function-specific-behavior
local-filtering
default-action allow
http-redirect "http-redirect-portal"
deny-list "url-list1"
exit
no shutdown
----------------------------------------------
The default action should always be configured to ‟allow” when the url-filter is configured for local-filtering. The default-action in this context represents the action the system takes in case the local-list file is not accessible; this scenario may happen if the source file was corrupted or if the compact flash card was not accessible.
The following example displays the AQP entry to enable ICAP url-filtering for opted-in subscribers based on ASO characteristics:
A:7750>config>app-assure>group>policy>aqp# entry 100 create
match
characteristic "child-protection" eq "yes"
exit
action
url-filter "url-blacklist1"
exit
no shutdown