Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring URL Filtering

 

URL filtering is configured on a service PIC. The interfaces you are dealing with are services interfaces (which use the ms prefix) or aggregated multiservices (AMS) interfaces (which use the ams prefix). For more information on AMS interfaces, see the Adaptive Services Interfaces Feature Guide for Routing Devices starting with Understanding Aggregated Multiservices Interfaces.

To configure the URL filtering feature, you must first configure jservices-urlf as the package-name at the [edit chassis fpc slot-number pic pic-number adaptive-services service-package extension-provider] hierarchy level. For more information on configuring the extension-provider package package-name configuration statement, see the package (Loading on PIC) statement.

A URL filtering profile is a collection of templates. Each template consists of a set of criteria that defines which URLs are blacklisted and how the recipient is notified.

To configure the URL profile:

  1. Assign a name to the URL profile.
    Note

    Starting in Junos OS Release 18.3R1, configure the profile at the [edit services web-filter] hierarchy level. Before Junos OS Release 18.3R1, configure the profile at the [edit services url-filter] hierarchy level.

  2. Specify the name of the URL filter database to use.
  3. Configure one or more templates for the profile.

    To configure each template:

    1. Name the template.
      Note

      Starting in Junos OS Release 18.3R1, configure the template with the url-filter-template statement. Before Junos OS Release 18.3R1, configure the template with the template statement.

    2. Go to that new template hierarchy level.
    3. Specify the name of the URL filter database to use.
    4. Specify the loopback interface for which the source IP address is picked for sending DNS queries.
    5. Disable the filtering of HTTP traffic that contains an embedded IP address (for example, http:/10.1.1.1) belonging to a blacklisted domain name in the URL filter database.
    6. Configure the DNS resolution time interval in minutes.
    7. Configure the number of retries for a DNS query in case the query fails or times out.
    8. Specify the IP addresses (IPv4 or IPv6) of DNS servers to which the DNS queries are sent.
    9. Specify the client-facing logical interfaces on which the URL filtering is configured.
    10. Specify the server-facing logical interfaces on which the URL filtering is configured.
    11. Specify the routing instance on which the URL filtering is configured.
    12. Specify the routing instance on which the DNS server is reachable.
  4. Configure the term information.

    Terms are used in filters to segment the policy or filter into small match and action pairs.

    1. Name the term.
    2. Go to the new term hierarchy level.
    3. Specify the source IP address prefixes for traffic you want to filter.
    4. Specify the destination ports for traffic you want to filter.
    5. Configure an action to take.

      The action can be one of the following:

      custom-page custom-pageSend a custom page string to the user.
      http-status-code http-status-codeSend an HTTP status code to the user.
      redirect-url redirect-urlSend an HTTP redirect to the user.
      tcp-resetSend a TCP reset to the user.
  5. Associate the URL profile with a next-hop service set.Note

    For URL filtering, you must configure the service set as a next-hop service set.

    Note

    The service interface can also be of the ams prefix. If you are using ams interfaces at the [edit services service-set service-set-name] hierarchy level for the URL filter, you must also configure the load-balancing-options hash-keys statement at the [edit interfaces ams-interface-name unit number] hierarchy level. For more information on configuring ams interfaces for next-hop service sets, see Example: Filtering Web Content on Multiple Service PICs Using an Aggregated Multiservices Interface.

    Note

    Starting in Junos OS Release 18.3R1, configure the service set with the web-filter-profile statement. Before Junos OS Release 18.3R1, configure the service set with the url-filter-profile statement.