web-filter
语法
web-filter {
profile (Web Filter) profile-name {
dns-filter {
database-file filename;
dns-resp-ttl seconds;
dns-server [ ip-address ];
hash-key key-string;
hash-method hash-method-name;
statistics-log-timer minutes;
wildcarding-level level;
}
dns-filter-template template-name {
client-interfaces [ client-interface-name ];
client-routing-instance client-routing-instance-name;
dns-filter {
database-file filename;
dns-resp-ttl seconds;
dns-server [ ip-address ];
hash-key key-string;
hash-method hash-method-name;
statistics-log-timer minutes;
wildcarding-level level;
}
server-interfaces [ server-interface-name ];
server-routing-instance server-routing-instance-name;
term term-name {
from {
src-ip-prefix [ source-prefix ];
}
then {
accept;
dns-sinkhole;
}
}
}
global-dns-stats-log-timer minutes;
url-filter-database filename;
url-filter-template template-name {
client-interfaces [ client-interface-name1 client-interface-name2 ];
disable-url-filtering;
dns-resolution-interval minutes;
dns-resolution-rate seconds;
dns-retries number;
dns-routing-instance dns-routing-instance-name;
dns-server [ ip-address1 ip-address2 ip-address3 ];
dns-source-interface loopback-interface-name;
dns-routing-instance dns-routing-instance-name;
routing-instance routing-instance-name;
server-interfaces [ server-interface-name1 server-interface-name2 ];
term term-name {
from {
src-ip-prefix [prefix1 prefix2];
dest-port [port1 port2];
}
then {
accept;
custom-page custom-page;
http-status-code http-status-code;
redirect-url redirect-url;
tcp-reset;
}
}
url-filter-database filename
}
}
}
层次结构级别
[edit services]
描述
为不允许的网站域配置 DNS 请求过滤。筛选可能导致:
通过向客户端发送包含 sinkhole 服务器的 IP 地址或域名(而不是不允许的域)的 DNS 响应来阻止对站点的访问。
记录 DNS 请求并允许访问。
其余语句将单独解释。请参阅 CLI 资源管理器。
所需权限级别
system - 在配置中查看此语句。
系统控制 - 将此语句添加到配置中。
发布信息
MX 系列上的 Junos OS 18.3R1 版中引入的语句。
Junos OS 版本 19.3R2 中添加了对带有 MX-SPC3 服务卡的 MX 系列路由器 MX240、MX480 和 MX960 上的新一代服务的支持。