URL Filter Configuration Example

This section describes a URL filter configuration example.

Hillstone device works as the gateway of an enterprise. Ethernet0/0 connects to Internet and belongs to untrust zone; ethernet0/1 connects to the Intranet of R&D department and belongs to trust zone; ethernet0/3 connects to the Intranet of Marketing department and belongs to the trust1 zone.

It is required to forbid the members in the R&D department (the network segment is 10.100.0.0/16) to access the news websites (except for www.abc.com) and the entertainment website www.bcd.com during the office hours (09:00 to 18:00, Monday to Friday), and log the access attempts.

See the topology below:

This section shows the URL filter configurations in details, and for the configurations about interface, zone, and log, see the related chapters.

Preparations

Before configuring the URL filter function, finish the following preparations first:

1. Install the URL service license and reboot the device.
2. Update the predefined URL database.

Configurations

Take the following steps:

Step 1: Create the URL filter rule named urlcontrol.

1. On the Navigation pane, click Configure > Content > URL Filter to visit the URL Filter page.
2. Click New.
3. In the URL Filter Rule Configuration dialog, type urlcontrol into the Name box.
4. Under Match Conditions, finish the options as below to specify the conditions for the rule.
   • Dst zone: untrust
   • User: Click Choose, and in the User Configuration dialog, add the IP type user 10.100.0.0/16. Click OK to close the dialog.
   • Schedule: Click Choose to create a new schedule named workday. Specify the periodic schedule for the schedule as Monday to Friday, 09:00 to 16:00.
5. Under Action, click New on the URL category tab. In the URL Category dialog, create a URL category named bcd which contains the entertainment website www.bac.com. Configure the options as below:
   • Category: bcd
   • URL http://: Type www.bcd.com into the box and then click Add.
6. Click OK to save the settings and return to the URL Filter Rule Configuration dialog.
7. In the URL category list, select the Block and Log check boxes for News and bcd.
8. Click the URL keyword category tab, and click New.
9. In the Keyword Category Configuration dialog, specify the name of the keyword category as url-keyword, and click New to add keywords to the category. Configure the options as below:
   • Keyword: Type ef into the box, and select Simple from the drop-down list.
   • Trust value: 100
   Click Add to add the keyword ef into the system.
10. Click OK to save the settings and return to the URL Filter Configuration dialog.
11. In the URL keyword category list, select the Block and Log check boxes for url-keyword.
    
12. Click OK to save the settings and return to the URL Filter page.

Step 2: Configure the bypass domain to exclude www.abc.com from control.

1. On the Task tab in the right auxiliary pane, click Bypass Domain.
2. In the Bypass Domain dialog, type www.abc.com into the box, and click Add.
3. Click OK to save the settings.

After finishing the above configurations, during the office hours, the member in the R&D department cannot access the news websites (except for www.abc.com) and www.bcd.com, but they cannot search the keyword ef. The system will log the access and search attempts.