Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


content-filtering (Security Content Security Policy)


Hierarchy Level


Configures a Content Security policy for the content filtering protocols and attach this policy to a security profile to implement it. Each supported protocol may implement available content filters differently. Not all filtering capabilities are supported for each protocol. The HTTP protocol supports all content filtering features. The FTP protocol supports only lock Extension List and Protocol Command Block List. The e-mail protocols (SMTP, IMAP, POP3) supports limited to Block Extension List, Protocol Command Block List, and MIME Pattern Filtering.

Starting in Junos OS Release 21.4R1, content filtering is performed by detecting the file content and not the file extensions. We have introduced the rule-set and rules configurations under the [edit security utm utm-policy <utm-policy-name> content-filtering] hierarchy level. These rules and rule-set allows you to configure direction specific content filters and connection reset.

So, content filtering options based on mime-type, content-type, and protocol command is not supported. After you upgrade to Junos OS Release 21.4R1, previously existing file extension based content filtering options under the [edit security utm utm-policy <utm-policy-name> content-filtering] hierarchy are no more available for configuration.

Junos OS Release 21.4R1 allows you to use legacy functionality if you don’t want to migrate to this modern functionality. You will be allowed to use the legacy configurations but all the legacy configuration knobs are deprecated and are hidden. Also, you will receive system logs and error message warnings when you use all the legacy deprecated knobs.


rule-set name

Name of the content filtering rule set.

rule name

Name of the content filtering rule.


List of applications to be inspected.


Direction of the content to be inspected (upload or download).


List of file-types in match critera.


Action to perform for the content filtering match condition. The possible options are:

  • no-action: No action is required.
  • block: Block and drop the connection

  • close-client: Close the client connection.

  • close-server: Close the server connection.

  • close-client-and-server: Close the client and the server connection.


Notification for the content filtering action taken based on the rules configured.


Endpoint notification options for the content filtering action taken based on the rules configured.


Endpoint notification type.


Notify mail sender.


Don't notify mail sender.


Custom notification message.


Generate security event if content is blocked by rule.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.5.

Support for configuration in logical systems introduced in Junos OS Release 18.3R1.

Support for configuration in tenant systems introduced in Junos OS Release 19.2R1.

rule-set option introduced in Junos OS Release 21.4R1.