Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Configure Content Security web filtering features. You can also configure the default Content Security configuration for web filtering feature profile. If you do not configure any option in the web filtering feature profile, the values configured in the default Content Security configuration are applied. The default Content Security Web filtering configuration for HTTP is also applicable for the HTTPS sessions. Web filtering feature’s potential policies conflict check is independent of the content filtering, antivirus, and antispam features.



Check all HTTP request in a connection. If http-persist option is enabled for clear text HTTP traffic, then Web filtering checks every HTTP request packet in the same session.


Reassemble HTTP request segments. If http-reassemble option is enabled for clear text HTTP traffic, then Enhanced Web Filtering (EWF) reassembles the fragmented HTTP request to avoid evasion instead of packet-based inspection.


Enable enhanced Web filtering on the device.


A base filter is an object that contains a category-action pair for all categories defined in the category file.


Juniper enhanced block message settings.


Set the cache parameters for Surf-Control-Integrated Web filtering and Enhanced Web Filtering.


Select a custom URL category list you created (custom objects) for filtering against.


Enter a custom message to be sent when HTTP requests are blocked.


Specify an action for the profile, for requests that experience internal errors in the Web filtering module.


Fallback settings tell the system how to handle errors.


Do not perform safe-search for Juniper enhanced protocol. Safe-search redirect supports HTTP only. Therefore it is not possible to generate a redirect response for HTTPS search URLs. Safe-search redirects can be disabled by using the CLI option no-safe-search.


Juniper enhanced quarantine custom message.


Juniper enhanced quarantine message settings.


Customize reputation level. The ThreatSeeker Cloud (TSC) provides site reputation information. Based on these reputations, you can choose a block or a permit action.


Set server parameters by entering the server name or IP address.


Specify the action to be taken depending on the site reputation returned for all types of URLs whether it is categorized or uncategorized.


Enter a timeout limit for requests. Once this limit is reached, fail mode settings are applied.

  • Range: 1 through 120


Enable Juniper Networks local URL filtering on the device.


Juniper local block message settings.


Trace options for Web filtering feature.


This is a global blocklist category, blocking content for Web filtering.


A URL allowlist is a unique custom list that you define in which all the URLs or IP addresses in that list for a specified category are always bypassed for filtering.


Web filtering websense redirect engine. Websense occasionally releases new EWF categories. EWF classifies websites into categories according to host, URL, or IP address and performs filtering based on the categories.


Type of Web filtering solution or URL filtering solution used by the device.


Improves the performance by only analyzing the traffic requests on ports 80 and 443.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

The surf-control-integrated feature is not supported from Junos OS Release 15.1X49-D10 onwards. For previous releases, statement introduced in Junos OS Release 9.5.

The [edit security utm default-configuration] hierarchy level introduced in Junos OS Release 18.2R1.

The performance-mode statement introduced in Junos OS Release 22.2R1.