web-filter
Syntax
web-filter { profile (Web Filter) profile-name { dns-filter { database-file filename; dns-resp-ttl seconds; dns-server [ ip-address ]; hash-key key-string; hash-method hash-method-name; statistics-log-timer minutes; wildcarding-level level; } dns-filter-template template-name { client-interfaces [ client-interface-name ]; client-routing-instance client-routing-instance-name; dns-filter { database-file filename; dns-resp-ttl seconds; dns-server [ ip-address ]; hash-key key-string; hash-method hash-method-name; statistics-log-timer minutes; wildcarding-level level; } server-interfaces [ server-interface-name ]; server-routing-instance server-routing-instance-name; term term-name { from { src-ip-prefix [ source-prefix ]; } then { accept; dns-sinkhole; } } } global-dns-stats-log-timer minutes; url-filter-database filename; url-filter-template template-name { client-interfaces [ client-interface-name1 client-interface-name2 ]; disable-url-filtering; dns-resolution-interval minutes; dns-resolution-rate seconds; dns-retries number; dns-routing-instance dns-routing-instance-name; dns-server [ ip-address1 ip-address2 ip-address3 ]; dns-source-interface loopback-interface-name; dns-routing-instance dns-routing-instance-name; routing-instance routing-instance-name; server-interfaces [ server-interface-name1 server-interface-name2 ]; term term-name { from { src-ip-prefix [prefix1 prefix2]; dest-port [port1 port2]; } then { accept; custom-page custom-page; http-status-code http-status-code; redirect-url redirect-url; tcp-reset; } } url-filter-database filename } } }
Hierarchy Level
[edit services]
Description
Configure filtering of DNS requests for disallowed website domains. Filtering can result in either:
Blocking access to the site by sending the client a DNS response that includes an IP address or domain name of a sinkhole server instead of the disallowed domain.
Logging the DNS request and allowing access.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 18.3R1 on MX Series.
Support added in Junos OS Release 19.3R2 for Next Gen Services on MX Series routers MX240, MX480 and MX960 with the MX-SPC3 services card.