Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
21-45
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Content Filtering Maps for Zone-based Firewall Policies
A single URLF Glob must also be limited to one of these types of URL segments:
Strings that appear in the server name of a URL, which includes the name of the server and the
domain name of the network. For example, www.cisco.com.
Strings that appear in URL keywords, which are the strings that appear between / characters in a
URL, or which are the file names. For example, in the URL segment www.cisco.com/en/US/, both
en and US are keywords. The file name in a URL, such as index.html, is also considered a keyword.
You cannot use the characters /, {, }, and ? in a URLF glob.
To match a server name or URL keyword, the string in the URL must match exactly the string included
in the URLF glob unless you use wildcard metacharacters to specify a variable string pattern. You can
use the following metacharacters for pattern matching for either server names or URL keywords:
* (Asterisk). Matches any sequence of zero or more characters. For example, *.edu matches all
servers in the education domain, and you could use hack* to block
www.example.com/hacksite/123.html.
[abc] (Character class). Matches any character in the brackets. The character matching is case
sensitive. For example, [abc] matches a, b, or c, but not A, B, or C. Thus, you could use
www.[ey]xample.com to block both www.example.com and www.yxample.com.
[a-c] (Character range class). Matches any character in the range. The character matching is case
sensitive. [a-z] matches any lowercase letter. You can mix characters and ranges; for example,
[abcq-z] matches a, b, c, q, r, s, t, u, v, w, x, y, z, and so does [a-cq-z].The dash (-) character is literal
only if it is the last or the first character within the brackets, [abc-] or [-abc].
[0-9] (Numerical range class). Matches any number in the brackets. For example [0-9] matches 0,
1, 2, 3, 4, 5, 6, 7, 8, or 9. Thus, you can use www.example[0-9][0-9].com to block
www.example01.com, www.example33.com, and www.example99.com (and so forth).
Navigation Path
Select Manage > Policy Objects, then select Maps > Parameter Maps > Web Filter > URLF Glob
Parameters in the table of contents. Right-click inside the work area and select New Object, or
right-click a row and select Edit Object.
Related Topics
Understanding Map Objects, page 6-72
Local Web Filter Class Add or Edit Match Criterion Dialog Boxes, page 21-28
Configuring Content Filtering Maps for Zone-based Firewall Policies, page 21-35
Understanding the Zone-based Firewall Rules, page 21-3
Field Reference
Table 21-18 Add or Edit URLF Glob Parameter Map Dialog Boxes
Element Description
Name The name of the policy object. A maximum of 40 characters is allowed.
Description A description of the policy object. A maximum of 200 characters is
allowed.