web-filtering (Logical System Security Feature Profile)
Syntax
web-filtering { juniper-enhanced { profile name { base-filter base-filter; block-message { type custom-redirect-url; url url; } category name { action (block | log-and-permit | permit | quarantine); custom-message custom-message; } custom-block-message custom-block-message; default (block | log-and-permit | permit | quarantine); fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } no-safe-search; quarantine-custom-message quarantine-custom-message; quarantine-message { type custom-redirect-url; url url; } site-reputation-action { fairly-safe (block | log-and-permit | permit | quarantine); harmful (block | log-and-permit | permit | quarantine); moderately-safe (block | log-and-permit | permit | quarantine); suspicious (block | log-and-permit | permit | quarantine); very-safe (block | log-and-permit | permit | quarantine); } timeout seconds; } } juniper-local { profile name { block-message { type custom-redirect-url; url url; } category name { action (block | log-and-permit | permit | quarantine); custom-message custom-message; } custom-block-message custom-block-message; default (block | log-and-permit | permit); fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } quarantine-custom-message quarantine-custom-message; quarantine-message { type custom-redirect-url; url url; } timeout seconds; } } websense-redirect { profile name { account account; block-message { type custom-redirect-url; url url; } category name { action (block | log-and-permit | permit | quarantine); custom-message custom-message; } custom-block-message custom-block-message; fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } quarantine-custom-message quarantine-custom-message; quarantine-message { type custom-redirect-url; url url; } server { host host; port port; routing-instance routing-instance; } sockets sockets; timeout seconds; } } }
Hierarchy Level
[edit logical-systems logical-systems-name security utm feature-profile] [edit tenants tenant-name security utm feature-profile]
Description
Configures the Content Security Web filtering feature for logical systems. The Web filtering allows you to manage Internet usage by preventing access to inappropriate Web content. The potential policies conflict check of the Web filtering feature is independent of the content filtering, antivirus, and antispam features. You can also configure the default Content Security configuration for Web filtering feature profile. If you do not configure any option in the Web filtering feature profile, the values configured in the default Content Security configuration are applied.
Options
juniper-enhanced |
Enables Enhanced Web Filtering (EWF) on the device. |
base-filter |
A base filter is an object that contains a category-action pair for all categories defined in the category file. |
block-message |
Juniper enhanced block message settings. |
category |
Select a custom URL category list you created (custom objects) for filtering against. |
custom-block-message |
Enter a custom message to be sent when HTTP requests are blocked. |
default |
Specify an action for the profile, for requests that experience internal errors in the Web filtering module. |
fallback-settings |
Fallback settings helps the system how to handle errors. |
no-safe-search |
Do not perform safe-search for Juniper enhanced protocol. Safe-search
redirect supports HTTP only. Therefore it is not possible to generate
a redirect response for HTTPS search URLs. Safe-search redirects can
be disabled by using the CLI option |
quarantine-custom-message |
Juniper enhanced quarantine custom message. |
quarantine-message |
Juniper enhanced quarantine message settings. |
server |
Set server parameters by entering the server name or IP address. |
site-reputation-action |
Specify the action to be taken depending on the site reputation returned for all types of URLs whether it is categorized or uncategorized. |
timeout |
Enter a timeout limit for requests. Once this limit is reached, fail mode settings are applied.
|
juniper-local |
Enables Juniper Networks local URL filtering on the device. |
block-message |
Juniper local block message settings. |
websense-redirect |
Web filtering websense redirect engine. Websense occasionally releases new EWF categories. EWF classifies websites into categories according to host, URL, or IP address and performs filtering based on the categories. |
type |
Type of Web filtering solution or URL filtering solution used by the device. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 18.3R1.
Support for configuration in tenant systems introduced in Junos OS Release 19.2R1.