MSR3610 在 Web 界面中配置的 URL 黑名单和白名单不生效,请问应该怎么配置?有相关文档吗?
#
# Global system settings: software version, hostname, clock, FTP port mappings,
# the L2TP client address pool, DHCP/DNS services and password recovery.
version 7.1.064, Release 0615P15
#
sysname H3C
#
clock timezone Beijing add 08:00:00
clock protocol none
#
# Three non-default ports are associated with the FTP application.
port-mapping application ftp port 2020
port-mapping application ftp port 1888
port-mapping application ftp port 2021
#
# Address pool referenced by "remote address pool l2tp1" under Virtual-Template1.
ip pool l2tp1 15.15.Y.10 15.15.Y.20
#
dhcp enable
dhcp server always-broadcast
#
dns proxy enable
#
# NOTE(review): with password recovery enabled, a person with console access can
# presumably reset credentials from the boot menu while keeping the configuration.
# If physical access is not controlled, consider "undo password-recovery enable"
# -- confirm the exact behaviour in the Comware 7 fundamentals guide.
password-recovery enable
#
# Address object groups and the LAN DHCP pool.
vlan 1
#
# "Agents" and "connlimitObjGrp_9608" cover the same range, 15.15.Z.11-199.
object-group ip address Agents
0 network range 15.15.Z.11 15.15.Z.199
#
object-group ip address connlimitObjGrp_9608
0 network range 15.15.Z.11 15.15.Z.199
#
# NOTE(review): "test" holds a single host, 192.168.Z.188. It is the only source the
# Any-Any object-policy (rules 0 and 1) and the traffic-policy rule test_51 match on.
# That address is outside the DHCP range 15.15.Z.51-199 served below, so LAN clients
# in the 15.15.x.x range would not hit the drop/inspect rules -- confirm that this
# group really contains the hosts the URL filter is meant to cover.
object-group ip address test
0 network host address 192.168.Z.188
#
# DHCP pool for the LAN; the gateway 15.15.Z.253 is the address on GigabitEthernet0/1.
dhcp server ip-pool GigabitEthernet0/1
gateway-list 15.15.Z.253
network 15.15.0.0 mask 255.255.254.0
address range 15.15.Z.51 15.15.Z.199
dns-list 114.114.114.114 202.96.209.5
#
# Interface configuration: the L2TP virtual template, the LAN port (GE0/1) and the
# Internet-facing port (GE0/3) with NAT and rate limiting.
# NOTE(review): no interface is added to a security zone anywhere in this listing
# (the security-zone sections further down have no "import interface" lines).
# Zone-pair policies normally match on zone membership -- confirm how traffic
# through these ports is classified on this platform.
controller Cellular0/0
#
interface Virtual-Template0
#
# L2TP clients terminate here: CHAP authentication, addresses from pool l2tp1.
interface Virtual-Template1
ppp authentication-mode chap
remote address pool l2tp1
ip address 15.15.Y.1 255.255.255.0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
tcp mss 1280
#
# LAN gateway interface (matches gateway-list in the DHCP pool).
interface GigabitEthernet0/1
port link-mode route
ip address 15.15.Z.253 255.255.254.0
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
#
# Internet uplink: public address, source NAT for outbound traffic, CAR rate limits in
# both directions, and two static inbound TCP mappings to 15.15.Z.200.
# NOTE(review): the "nat server" lines publish 15.15.Z.200:20201 and :8011 to the
# Internet on ports 211 and 801. No ACL is attached to the mappings in this listing and
# the Untrust-Trust object-policy is "rule 0 pass", so nothing visible here limits who
# can reach them -- restrict by source if the services are not meant to be public.
interface GigabitEthernet0/3
port link-mode route
description Multiple_Line
combo enable copper
ip address 66.66.66.66 255.255.255.240
dns server 114.114.114.114
dns server 202.96.209.5
qos car inbound any cir 1000000 cbs 62500000 ebs 0 green pass red discard yellow pass
qos car outbound any cir 1000000 cbs 62500000 ebs 0 green pass red discard yellow pass
nat outbound
nat server protocol tcp global 66.66.66.66 211 inside 15.15.Z.200 20201
nat server protocol tcp global 66.66.66.66 801 inside 15.15.Z.200 8011
#
interface GigabitEthernet0/4
port link-mode route
#
interface GigabitEthernet0/5
port link-mode route
#
# Object policies, security zones and the zone pairs that bind them together.
#
# Any-Any is the only policy that references DPI:
#   rule 0     drops traffic from object-group "test" that matches app-group test_51
#   rule 1     sends the remaining traffic from "test" to app-profile "test"
#              (which applies url-filter policy "test")
#   rule 65534 passes everything else without inspection
# NOTE(review): URL filtering is therefore only reachable for sources in object-group
# "test" (a single host, 192.168.Z.188, in this listing). Traffic from any other source
# falls through to rule 65534 and is never inspected. This is a likely reason the
# blacklist appears not to take effect -- confirm against the intended client range.
object-policy ip Any-Any
rule 0 drop source-ip test app-group test_51
rule 1 inspect test source-ip test
rule 65534 pass
#
object-policy ip Trust-Trust
rule 0 pass
#
object-policy ip Trust-Untrust
rule 0 pass
#
# NOTE(review): permits all traffic from Untrust to Trust. If this zone pair ever matches
# Internet-sourced traffic it offers no filtering; prefer explicit rules for the
# published services followed by a drop.
object-policy ip Untrust-Trust
rule 0 pass
#
object-policy ip pass
rule 0 pass
#
# NOTE(review): none of the zones below lists member interfaces ("import interface ...")
# in this listing. Without members, the named zone pairs presumably never match, and
# whether the Any-to-Any pair matches traffic between unzoned interfaces should be
# confirmed in the security-zone configuration guide for this release.
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
zone-pair security source Any destination Any
object-policy apply ip Any-Any
#
zone-pair security source Local destination Trust
object-policy apply ip pass
#
zone-pair security source Trust destination Local
object-policy apply ip pass
#
zone-pair security source Trust destination Trust
object-policy apply ip Trust-Trust
#
zone-pair security source Trust destination Untrust
object-policy apply ip Trust-Untrust
#
# No object-policy is applied to this zone pair.
zone-pair security source Untrust destination Local
#
zone-pair security source Untrust destination Trust
object-policy apply ip Untrust-Trust
#
# Scheduler log size, user-line (console/tty/usb/vty) roles, static routes and the
# SSH server compatibility setting.
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class usb
user-role network-admin
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
# Remote logins on all 64 VTY lines use scheme (AAA) authentication. The role actually
# granted comes from the local-user definitions, which assign network-admin.
line vty 0 63
authentication-mode scheme
user-role network-operator
#
# Default route via GE0/3; 50.0.0.0/8 and 15.15.A.0/24 are reached through 15.15.Z.254.
ip route-static 0.0.0.0 0 GigabitEthernet0/3 66.66.66.6
ip route-static 50.0.0.0 8 15.15.Z.254 preference 10 description to JLR
ip route-static 15.15.A.0 24 15.15.Z.254 preference 10 description SIP
#
# NOTE(review): this lets the SSH server accept SSH1 clients. SSH1 is obsolete and has
# known protocol weaknesses; unless a legacy client requires it, remove this line with
# its undo form so that only SSH2 is negotiated.
ssh server compatible-ssh1x enable
#
# ACL used by the connection-limit policy, followed by the password-control settings.
acl basic name connlimitAcl_9608
rule 65534 permit source object-group connlimitObjGrp_9608
#
# NOTE(review): password aging and history are switched off and the minimum length is 6,
# which is weak for accounts that hold network-admin. The lockout (3 failed attempts,
# 10-minute lock) is the only brute-force control visible here.
# NOTE(review): no "password-control enable" line appears in this listing -- confirm the
# feature is globally enabled, otherwise these settings may not be enforced at all.
undo password-control aging enable
undo password-control history enable
password-control length 6
password-control login-attempt 3 exceed lock-time 10
password-control update-interval 0
password-control login idle-time 0
password-control complexity user-name check
#
# AAA domain, the predefined level-0 .. level-14 roles and the default user group.
# The role entries carry only their descriptions here; no custom rules are attached.
domain system
#
# "system" is the default ISP domain for users who log in without naming a domain.
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
# Local accounts: three management users (admin, cs, operator) and one network-access
# user (test) for PPP/L2TP.
# NOTE(review): the password hashes and the cipher string below were posted publicly
# together with the usernames and the device's public address. Treat all of these
# credentials as exposed and change them on the device; redact "password hash" and
# "password cipher" lines before sharing a configuration.
# NOTE(review): all three management users are granted network-admin, and admin/cs are
# allowed to log in over telnet and http, which carry credentials in cleartext. Prefer
# ssh and https only, and give day-to-day accounts a lower-privilege role.
local-user admin class manage
password hash $h$6$SkXWoEqHh+IFmJtz$sJYfZTDve3e+k9cXq6aK8KZ1eX7ALTy0uCNc48u+GdpdeqUexOSCHtXcs48nYBD7Y+/MqeIUjR5ycQcYEFW+cg==
service-type telnet http https
authorization-attribute user-role network-admin
#
# Holds both network-admin and network-operator; the operator role adds nothing once
# network-admin is granted -- presumably left over from the default role.
local-user cs class manage
password hash $h$6$tfm6je5LzuOtZGEm$4bS3gLGkowS6HbtfKhUWHBBMjhLgQadDIjxq61l1lhy1uh+14Ql0O3NGiXH/mhEHkvZ9Dzt9YASTsMGqPZGj6w==
service-type telnet http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
# Despite its name this account is network-admin; it can also use ftp (cleartext).
local-user operator class manage
password hash $h$6$0/lHganry3mwaTsZ$ZuYkE8FzcPHSXNonrfOu8IgXKzx3USfI19fDYLHQTn3oWzHHxgPX9jUsPCyOrEJ3S+EqfybTjnyoeWlp9/NLeg==
service-type ftp
service-type ssh terminal http https
authorization-attribute user-role network-admin
#
# PPP user for the L2TP service. "password cipher" is the reversible (encrypted, not
# hashed) storage form, so the posted string should be regarded as equivalent to the
# password itself.
local-user test class network
password cipher $c$3$1uwZ6xE+p788nfdYovNDpugVZ132RCq8Wg==
service-type ppp
authorization-attribute user-role network-operator
#
# Per-source connection limit and the L2TP network server (LNS) definition.
# Limit rule 255 applies to sources permitted by connlimitAcl_9608, with an upper
# threshold of 150 and a lower threshold of 149 connections per source. Where the
# policy is applied is not visible in this listing.
connection-limit policy 32
limit 255 acl name connlimitAcl_9608 per-source amount 150 149
#
# LNS group 1 accepts L2TP tunnels and binds sessions to Virtual-Template1.
# NOTE(review): "undo tunnel authentication" turns off tunnel authentication, so the
# tunnel password configured on the next line is not enforced. Users are still
# authenticated by PPP CHAP. L2TP itself provides no encryption and no IPsec
# configuration appears in this listing -- confirm whether the tunnel is protected
# some other way. The tunnel password cipher was also posted publicly; rotate it.
l2tp-group 1 mode lns
allow l2tp virtual-template 1
undo tunnel authentication
tunnel password cipher $c$3$Dz2/pScZuxK5WPekWgvZ6j+KLmPZmMfxKw==
#
l2tp enable
#
# User-defined application group (forum, microblog and social applications).
# Referenced by rule 0 of object-policy Any-Any, which drops matching traffic from
# object-group "test".
app-group test_51
description "User-defined application group"
include application 19Lou
include application 51Com
include application BaiduTieBa
include application BinZhiWang
include application DouBan
include application DouBanGroup
include application HuaBanWang
include application In
include application KaiXinWang
include application LaMaBang
include application LookMook
include application MiaoPai
include application MopBBS
include application NetEaseWeiBo
include application PaPa
include application PengYouWang
include application RayLiBBS
include application ShiJiJiaYuan
include application SinaForum
include application SinaWeiBo
include application SoHuWeiBo
include application TencentWeiBo
include application TianYaBBS
include application TieXueBBS
include application TongChengLianAi
include application WuMi
include application ZhenAiWang
include application ZuoYeBang
#
# Web management: HTTP on 18080 and HTTPS on 50443, both enabled.
# NOTE(review): the HTTP service sends administrator credentials in cleartext, and a
# non-standard port does not hide it. No ACL restricting the web services is visible in
# this listing. Consider disabling HTTP and limiting HTTPS to management addresses.
ip http port 18080
ip https port 50443
ip http enable
ip https enable
#
# URL filtering: three policies, one custom category and the app-profile that binds a
# policy to the object-policy "inspect" rule. Host patterns shown as ***.*** were masked
# before posting.
# NOTE(review): only policy "test" is applied (through app-profile "test" at the end of
# this section). "8048_url_profile_global" and "test1" are not referenced by any
# app-profile in this listing, so their blacklists are never evaluated.
# NOTE(review): every policy contains only "add blacklist" entries; no whitelist entry
# is present even though the question mentions one.
# NOTE(review): in entry 4 the host field is the literal text "https:", which looks like
# a URL scheme rather than a host name -- confirm what the host match is compared
# against. Matching on the URI of HTTPS traffic presumably also needs the traffic to be
# decrypted; verify in the DPI configuration guide.
# NOTE(review): DPI changes made from the CLI are normally applied with
# "inspect activate" -- confirm this was done after editing the policies.
url-filter policy 8048_url_profile_global
default-action permit
add blacklist 2 host text ***.***
add blacklist 3 host text ***.***
add blacklist 4 host text https: uri text /***.***/
#
# The applied policy: URLs in the "custom" category are dropped and logged, blacklist
# entries are blocked, everything else is permitted.
url-filter policy test
default-action permit
category custom action drop logging
add blacklist 2 host text ***.***
add blacklist 3 host text ***.***
add blacklist 4 host text https: uri text /***.***/
#
url-filter policy test1
default-action permit
add blacklist 2 host text ***.***
add blacklist 3 host text ***.***
add blacklist 4 host text https: uri text /***.***/
#
# User-defined category used by policy "test"; rule 2 matches www.h3c.com.
url-filter category custom severity 65535
rule 1 host text ***.***
rule 2 host text www.h3c.com
rule 3 host text ***.***
rule 4 host text https: uri text /***.***/
#
# This profile is what "rule 1 inspect test" in object-policy Any-Any refers to.
app-profile test
url-filter apply policy test
#
# WLAN defaults, a traffic-policy rule and the cloud-management server.
wlan global-configuration
#
wlan ap-group default-group
#
# Rule test_51 matches the same source (address-set "test") and the same application
# list as app-group test_51. No action for the rule is visible in this listing.
traffic-policy
rule name test_51
source-address address-set test
application app 19Lou
application app 51Com
application app BaiduTieBa
application app BinZhiWang
application app DouBan
application app DouBanGroup
application app HuaBanWang
application app In
application app KaiXinWang
application app LaMaBang
application app LookMook
application app MiaoPai
application app MopBBS
application app NetEaseWeiBo
application app PaPa
application app PengYouWang
application app RayLiBBS
application app ShiJiJiaYuan
application app SinaForum
application app SinaWeiBo
application app SoHuWeiBo
application app TencentWeiBo
application app TianYaBBS
application app TieXueBBS
application app TongChengLianAi
application app WuMi
application app ZhenAiWang
application app ZuoYeBang
#
# The device is pointed at a vendor cloud-management service.
# NOTE(review): if cloud management is not used, consider removing this line.
cloud-management server domain oasis.h3c.com
#
return