Configuring URL Filtering

To configure the URL filtering feature, you must first configure jservices-urlf as the package-name at the [edit chassis fpc slot-number pic pic-number adaptive-services service-package extension-provider] hierarchy level. For more information on configuring the extension-provider package package-name configuration statement, see the package (Loading on PIC) statement.

URL filtering is configured on a service PIC. The interfaces you are dealing with are services interfaces (which use the ms prefix) or aggregated multiservices (AMS) interfaces (which use the ams prefix). For more information on AMS interfaces, see the Adaptive Services Interfaces User Guide for Routing Devices starting with Understanding Aggregated Multiservices Interfaces.

A URL filtering profile is a collection of templates. Each template consists of a set of criteria that defines which URLs are disallowed and how the recipient is notified.

To configure the URL profile:

  1. Assign a name to the URL profile.

    Starting in Junos OS Release 18.3R1, for Adaptive Services, configure the profile at the [edit services web-filter] hierarchy level. Before Junos OS Release 18.3R1, configure the profile at the [edit services url-filter] hierarchy level. Starting in Junos OS Release 19.3R2, this same functionality is available for Next Gen Services on MX240, MX480, and MX960.

  2. Specify the name of the URL filter database to use.
  3. Configure one or more templates for the profile.

    To configure each template:

    1. Name the template.
      Note:

      Starting in Junos OS Release 18.3R1, configure the template with the url-filter-template statement. Before Junos OS Release 18.3R1, configure the template with the template statement.

    2. Go to that new template hierarchy level.
    3. Specify the name of the URL filter database to use.
    4. Specify the loopback interface for which the source IP address is picked for sending DNS queries.
    5. Disable the filtering of HTTP traffic that contains an embedded IP address (for example, http://10.1.1.1) belonging to a disallowed domain name in the URL filter database.
    6. Configure the DNS resolution time interval in minutes.
    7. Configure the number of retries for a DNS query in case the query fails or times out.
    8. Specify the IP addresses (IPv4 or IPv6) of DNS servers to which the DNS queries are sent.
    9. Specify the client-facing logical interfaces on which the URL filtering is configured.
    10. Specify the server-facing logical interfaces on which the URL filtering is configured.
    11. Specify the routing instance on which the URL filtering is configured.
    12. Specify the routing instance on which the DNS server is reachable.
  4. Configure the term information.

    Terms are used in filters to segment the policy or filter into small match and action pairs.

    1. Name the term.
    2. Go to the new term hierarchy level.
    3. Specify the source IP address prefixes for traffic you want to filter.
    4. Specify the destination ports for traffic you want to filter.
    5. Configure an action to take.

      The action can be one of the following:

      - custom-page custom-page: Send a custom page string to the user.
      - http-status-code http-status-code: Send an HTTP status code to the user.
      - redirect-url redirect-url: Send an HTTP redirect to the user.
      - tcp-reset: Send a TCP reset to the user.

  5. Associate the URL profile with a next-hop service set.
    Note:

    For URL filtering, you must configure the service set as a next-hop service set.

    Note:

    The service interface can also be of the ams prefix. If you are using ams interfaces at the [edit services service-set service-set-name] hierarchy level for the URL filter, you must also configure the load-balancing-options hash-keys statement at the [edit interfaces ams-interface-name unit number] hierarchy level.

    Note:

    Starting in Junos OS Release 18.3R1, configure the service set with the web-filter-profile statement. Before Junos OS Release 18.3R1, configure the service set with the url-filter-profile statement.
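
The whole procedure above as one set-command configuration. This is an added example, not taken from the original page or from Juniper's documentation. Every name, address, interface, and file name is a constructed placeholder, the two routing instances are assumed to exist already, and the statement names that do not appear on this page should be confirmed with CLI completion on your release.

```junos
# Added example: all names, addresses, and interfaces are constructed placeholders.
# Junos OS 18.3R1 or later syntax. Before 18.3R1, use url-filter, template, and
# url-filter-profile in place of web-filter, url-filter-template, and web-filter-profile.

# Prerequisite: load the URL filtering package on the service PIC
set chassis fpc 1 pic 0 adaptive-services service-package extension-provider package jservices-urlf

# A next-hop service set needs an inside and an outside unit on the services interface
set interfaces ms-1/0/0 unit 1 family inet
set interfaces ms-1/0/0 unit 1 service-domain inside
set interfaces ms-1/0/0 unit 2 family inet
set interfaces ms-1/0/0 unit 2 service-domain outside

# Steps 1-2: name the profile and point it at the URL filter database
set services web-filter profile URLF-PROFILE url-filter-database urlf-db.txt

# Step 3: template (database, DNS behaviour, interfaces, routing instances)
set services web-filter profile URLF-PROFILE url-filter-template T1 url-filter-database urlf-db.txt
set services web-filter profile URLF-PROFILE url-filter-template T1 dns-source-interface lo0.0
set services web-filter profile URLF-PROFILE url-filter-template T1 dns-resolution-interval 60
set services web-filter profile URLF-PROFILE url-filter-template T1 dns-retries 3
set services web-filter profile URLF-PROFILE url-filter-template T1 dns-server 192.0.2.53
set services web-filter profile URLF-PROFILE url-filter-template T1 dns-server 2001:db8::53
set services web-filter profile URLF-PROFILE url-filter-template T1 client-interfaces ge-0/0/1.0
set services web-filter profile URLF-PROFILE url-filter-template T1 server-interfaces ge-0/0/2.0
set services web-filter profile URLF-PROFILE url-filter-template T1 routing-instance CLIENT-VR
set services web-filter profile URLF-PROFILE url-filter-template T1 dns-routing-instance DNS-VR
# disable-url-filtering (template step 5) is deliberately left unset, so HTTP requests
# that embed an IP address of a disallowed domain are still filtered.

# Step 4: term matching client prefixes and HTTP port, with a tcp-reset action
set services web-filter profile URLF-PROFILE url-filter-template T1 term BLOCK-WEB from src-ip-prefix 198.51.100.0/24
set services web-filter profile URLF-PROFILE url-filter-template T1 term BLOCK-WEB from dest-port 80
set services web-filter profile URLF-PROFILE url-filter-template T1 term BLOCK-WEB then tcp-reset

# Step 5: attach the profile to a next-hop service set
set services service-set URLF-SSET web-filter-profile URLF-PROFILE
set services service-set URLF-SSET next-hop-service inside-service-interface ms-1/0/0.1
set services service-set URLF-SSET next-hop-service outside-service-interface ms-1/0/0.2
```

Run `commit check` before committing so that a statement your release does not accept is reported without changing the active configuration.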

Release History Table

| Release | Description |
|---------|-------------|
| 19.3R2 | Starting in Junos OS Release 19.3R2, this same functionality is available for Next Gen Services on MX240, MX480, and MX960. |
| 18.3R1 | Starting in Junos OS Release 18.3R1, for Adaptive Services, configure the profile at the [edit services web-filter] hierarchy level. Before Junos OS Release 18.3R1, configure the profile at the [edit services url-filter] hierarchy level. |