Sunday 6 October 2013

Junos : Local Web filtering

To configure local Web filtering using the CLI, you must first create your custom objects.
  1. Configure a URL pattern list custom object by creating the list name and adding values to it as follows:
    Note: Because you use URL pattern lists to create custom URL category lists, you must configure URL pattern list custom objects before you configure custom URL category lists. In this example both a URL and an IP address are added to each list.
    user@host# set security utm custom-objects url-pattern urllist3 value [http://www.juniper.net 1.2.3.4]
    user@host# set security utm custom-objects url-pattern urllist4 value [http://www.acmegizmo.com 1.2.3.4]
    Note: URL pattern wildcard support. The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use "*" if it is at the beginning of the URL and is followed by a ".". You can only use "?" at the end of the URL.
    The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is NOT supported: *.juniper.net, www.juniper.ne?, http://*juniper.net, http://*.
  2. Configure a custom URL category list custom object by using the URL pattern list you created as follows:
    user@host# set security utm custom-objects custom-url-category custurl3 value urllist3
    user@host# set security utm custom-objects custom-url-category custurl4 value urllist4
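The wildcard rules in the note above are easy to get wrong when building a pattern list, so here is an added example (my own code, not from the page or from Juniper) that checks a candidate pattern against those rules and, for supported patterns, tests whether a URL is covered. The match semantics are an assumption: "*" stands for one or more characters before the following ".", "?" for exactly one character, and comparison is case-insensitive.

```python
import re

# Rules taken from the page: a wildcard pattern must be preceded by "http://",
# "*" may only appear at the beginning of the host and must be followed by ".",
# and "?" may only appear at the end of the pattern. Plain URLs always pass.
PREFIX = "http://"


def is_supported_pattern(pattern: str) -> bool:
    """True if the pattern obeys the wildcard rules quoted in the note."""
    if "*" not in pattern and "?" not in pattern:
        return True                      # no wildcard: nothing to check
    if not pattern.startswith(PREFIX):
        return False                     # wildcard URLs must start with http://
    body = pattern[len(PREFIX):]
    if body.count("*") > 1:
        return False                     # at most one "*", and only at the start
    if "*" in body and not body.startswith("*."):
        return False                     # "*" must be first and followed by "."
    core = body.rstrip("?")              # remove the permitted trailing "?" run ...
    if "?" in core:
        return False                     # ... any other "?" is not allowed
    return core not in ("", "*.")        # reject bare "http://?" / "http://*.?"


def pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Compile a supported pattern to a regex (match semantics are an assumption:
    "*" = one or more non-"/" characters, "?" = exactly one non-"/" character)."""
    if not is_supported_pattern(pattern):
        raise ValueError(f"unsupported wildcard pattern: {pattern}")
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(r"[^/]+")
        elif ch == "?":
            parts.append(r"[^/]")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def url_matches(pattern: str, url: str) -> bool:
    """Return True if the URL is covered by the given (supported) pattern."""
    return pattern_to_regex(pattern).match(url) is not None
```

Running the page's own supported and unsupported examples through is_supported_pattern() reproduces the note's two lists.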
Now that your custom objects have been created, you can configure the juniper-local Web filtering feature profile.
  1. If you are using the included global whitelist and blacklist categories, select those global categories. This is the first filtering category that integrated, redirect, and local Web filtering all use. If no match is made, the configured default fallback action is performed.
    user@host# set security utm feature-profile web-filtering url-blacklist custurl3
    user@host# set security utm feature-profile web-filtering url-whitelist custurl4
  2. Select juniper-local as your Web filtering engine as follows:
    user@host# set security utm feature-profile web-filtering type juniper-local
  3. Create a juniper-local profile by first creating a profile with a default action (permit, log and permit, block) for requests that experience errors as follows:
    user@host# set security utm feature-profile web-filtering juniper-local profile localprofile1 default permit
  4. Enter a custom message to be sent when HTTP requests are blocked:
    user@host# set security utm feature-profile web-filtering juniper-local profile localprofile1 custom-block-message "Access to this site is not permitted"
  5. Select fallback settings (block or log and permit) for this profile. The fallback actions are taken when errors in each configured category occur.
    user@host# set security utm feature-profile web-filtering juniper-local profile localprofile1 fallback-settings default block
    user@host# set security utm feature-profile web-filtering juniper-local profile localprofile1 fallback-settings too-many-requests block
Now that the profile exists, attach it to a UTM policy and attach that UTM policy to a security policy.
  1. Configure a UTM policy for the Web filtering protocol and attach this policy to a profile. The CLI command for configuring a UTM policy for HTTP Web filtering and attaching it to the Web filtering profile you created earlier is:
    user@host# set security utm utm-policy utmp5 web-filtering http-profile localprofile1
  2. Attach the UTM policy to a firewall security policy:
    user@host# set security policies from-zone trust to-zone untrust policy p5 match source-address any
    user@host# set security policies from-zone trust to-zone untrust policy p5 match destination-address any
    user@host# set security policies from-zone trust to-zone untrust policy p5 match application junos-http
    user@host# set security policies from-zone trust to-zone untrust policy p5 then permit application-services utm-policy utmp5

1 comment:

  1. Hello!
    Please help me. How can I get a free filter for an open site which is filtered by Juniper Web filtering?

