• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

msr3610 上网行为管理 URL黑名单和白名单web中配置不生效,请问怎么配置,有文档吗?

2023-10-24提问
  • 0关注
  • 0收藏,822浏览
粉丝:0人 关注:0人

问题描述:

msr3610 URL黑名单和白名单web中配置不生效,请问怎么配置,有文档吗?

组网及组网描述:

#

version 7.1.064, Release 0615P15

#

sysname H3C

#

clock timezone Beijing add 08:00:00

clock protocol none

#

port-mapping application ftp port 2020

port-mapping application ftp port 1888

port-mapping application ftp port 2021

#

ip pool l2tp1 15.15.Y.10 15.15.Y.20

#

dhcp enable

dhcp server always-broadcast

#

dns proxy enable

#

password-recovery enable

#

vlan 1

#

object-group ip address Agents

0 network range 15.15.Z.11 15.15.Z.199

#

object-group ip address connlimitObjGrp_9608

0 network range 15.15.Z.11 15.15.Z.199

#

object-group ip address test

0 network host address 192.168.Z.188

#

dhcp server ip-pool GigabitEthernet0/1

gateway-list 15.15.Z.253

network 15.15.0.0 mask 255.255.254.0

address range 15.15.Z.51 15.15.Z.199

dns-list 114.114.114.114 202.96.209.5

#

controller Cellular0/0

#

interface Virtual-Template0

#

interface Virtual-Template1

ppp authentication-mode chap

remote address pool l2tp1

ip address 15.15.Y.1 255.255.255.0

#

interface NULL0

#

interface GigabitEthernet0/0

port link-mode route

tcp mss 1280

#

interface GigabitEthernet0/1

port link-mode route

ip address 15.15.Z.253 255.255.254.0

#

interface GigabitEthernet0/2

port link-mode route

combo enable copper

#

interface GigabitEthernet0/3

port link-mode route

description Multiple_Line

combo enable copper

ip address 66.66.66.66 255.255.255.240

dns server 114.114.114.114

dns server 202.96.209.5

qos car inbound any cir 1000000 cbs 62500000 ebs 0 green pass red discard yellow pass

qos car outbound any cir 1000000 cbs 62500000 ebs 0 green pass red discard yellow pass

nat outbound

nat server protocol tcp global 66.66.66.66 211 inside 15.15.Z.200 20201

nat server protocol tcp global 66.66.66.66 801 inside 15.15.Z.200 8011

#

interface GigabitEthernet0/4

port link-mode route

#

interface GigabitEthernet0/5

port link-mode route

#

object-policy ip Any-Any

rule 0 drop source-ip test app-group test_51

rule 1 inspect test source-ip test

rule 65534 pass

#

object-policy ip Trust-Trust

rule 0 pass

#

object-policy ip Trust-Untrust

rule 0 pass

#

object-policy ip Untrust-Trust

rule 0 pass

#

object-policy ip pass

rule 0 pass

#

security-zone name Local

#

security-zone name Trust

#

security-zone name DMZ

#

security-zone name Untrust

#

security-zone name Management

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

#

zone-pair security source Local destination Trust

object-policy apply ip pass

#

zone-pair security source Trust destination Local

object-policy apply ip pass

#

zone-pair security source Trust destination Trust

object-policy apply ip Trust-Trust

#

zone-pair security source Trust destination Untrust

object-policy apply ip Trust-Untrust

#

zone-pair security source Untrust destination Local

#

zone-pair security source Untrust destination Trust

object-policy apply ip Untrust-Trust

#

scheduler logfile size 16

#

line class console

user-role network-admin

#

line class tty

user-role network-operator

#

line class usb

user-role network-admin

#

line class vty

user-role network-operator

#

line con 0

user-role network-admin

#

line vty 0 63

authentication-mode scheme

user-role network-operator

#

ip route-static 0.0.0.0 0 GigabitEthernet0/3 66.66.66.6

ip route-static 50.0.0.0 8 15.15.Z.254 preference 10 description to JLR

ip route-static 15.15.A.0 24 15.15.Z.254 preference 10 description SIP

#

ssh server compatible-ssh1x enable

#

acl basic name connlimitAcl_9608

rule 65534 permit source object-group connlimitObjGrp_9608

#

undo password-control aging enable

undo password-control history enable

password-control length 6

password-control login-attempt 3 exceed lock-time 10

password-control update-interval 0

password-control login idle-time 0

password-control complexity user-name check

#

domain system

#

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$SkXWoEqHh+IFmJtz$sJYfZTDve3e+k9cXq6aK8KZ1eX7ALTy0uCNc48u+GdpdeqUexOSCHtXcs48nYBD7Y+/MqeIUjR5ycQcYEFW+cg==

service-type telnet http https

authorization-attribute user-role network-admin

#

local-user cs class manage

password hash $h$6$tfm6je5LzuOtZGEm$4bS3gLGkowS6HbtfKhUWHBBMjhLgQadDIjxq61l1lhy1uh+14Ql0O3NGiXH/mhEHkvZ9Dzt9YASTsMGqPZGj6w==

service-type telnet http https

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user operator class manage

password hash $h$6$0/lHganry3mwaTsZ$ZuYkE8FzcPHSXNonrfOu8IgXKzx3USfI19fDYLHQTn3oWzHHxgPX9jUsPCyOrEJ3S+EqfybTjnyoeWlp9/NLeg==

service-type ftp

service-type ssh terminal http https

authorization-attribute user-role network-admin

#

local-user test class network

password cipher $c$3$1uwZ6xE+p788nfdYovNDpugVZ132RCq8Wg==

service-type ppp

authorization-attribute user-role network-operator

#

connection-limit policy 32

limit 255 acl name connlimitAcl_9608 per-source amount 150 149

#

l2tp-group 1 mode lns

allow l2tp virtual-template 1

undo tunnel authentication

tunnel password cipher $c$3$Dz2/pScZuxK5WPekWgvZ6j+KLmPZmMfxKw==

#

l2tp enable

#

app-group test_51

description "User-defined application group"

include application 19Lou

include application 51Com

include application BaiduTieBa

include application BinZhiWang

include application DouBan

include application DouBanGroup

include application HuaBanWang

include application In

include application KaiXinWang

include application LaMaBang

include application LookMook

include application MiaoPai

include application MopBBS

include application NetEaseWeiBo

include application PaPa

include application PengYouWang

include application RayLiBBS

include application ShiJiJiaYuan

include application SinaForum

include application SinaWeiBo

include application SoHuWeiBo

include application TencentWeiBo

include application TianYaBBS

include application TieXueBBS

include application TongChengLianAi

include application WuMi

include application ZhenAiWang

include application ZuoYeBang

#

ip http port 18080

ip https port 50443

ip http enable

ip https enable

#

url-filter policy 8048_url_profile_global

default-action permit

add blacklist 2 host text ***.***

add blacklist 3 host text ***.***

add blacklist 4 host text https: uri text /***.***/

#

url-filter policy test

default-action permit

category custom action drop logging

add blacklist 2 host text ***.***

add blacklist 3 host text ***.***

add blacklist 4 host text https: uri text /***.***/

#

url-filter policy test1

default-action permit

add blacklist 2 host text ***.***

add blacklist 3 host text ***.***

add blacklist 4 host text https: uri text /***.***/

#

url-filter category custom severity 65535

rule 1 host text ***.***

rule 2 host text www.h3c.com

rule 3 host text ***.***

rule 4 host text https: uri text /***.***/

#

app-profile test

url-filter apply policy test

#

wlan global-configuration

#

wlan ap-group default-group

#

traffic-policy

rule name test_51

  source-address address-set test

  application app 19Lou

  application app 51Com

  application app BaiduTieBa

  application app BinZhiWang

  application app DouBan

  application app DouBanGroup

  application app HuaBanWang

  application app In

  application app KaiXinWang

  application app LaMaBang

  application app LookMook

  application app MiaoPai

  application app MopBBS

  application app NetEaseWeiBo

  application app PaPa

  application app PengYouWang

  application app RayLiBBS

  application app ShiJiJiaYuan

  application app SinaForum

  application app SinaWeiBo

  application app SoHuWeiBo

  application app TencentWeiBo

  application app TianYaBBS

  application app TieXueBBS

  application app TongChengLianAi

  application app WuMi

  application app ZhenAiWang

  application app ZuoYeBang

#

cloud-management server domain oasis.h3c.com

#

return

最佳答案

粉丝:20人 关注:9人

您好,请知:

以下是URL过滤的配置案例链接,请参考:

https://www.h3c.com/cn/d_202305/1841092_30005_0.htm


暂无评论

2 个回答
粉丝:5人 关注:0人

官网对应版本的配置知道应该有的

暂无评论

粉丝:160人 关注:1人

https://www.h3c.com/cn/d_202305/1841092_30005_0.htm

暂无评论

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明