content-filtering (Logical System Security Feature Profile)
Syntax
content-filtering {
profile name {
block-command block-command;
block-content-type {
activex;
exe;
http-cookie;
java-applet;
zip;
}
block-extension block-extension;
block-mime {
exception (Security Content Filtering) exception;
list (Security Content Filtering Block Mime) list;
}
notification-options (Security Content Filtering) {
custom-message (Security Content Filtering) custom-message;
(notify-mail-sender (Security Content Filtering Notification Options) | no-notify-mail-sender (Security Content Filtering Notification Options));
type (Security Content Filtering Notification Options) (message | protocol-only);
}
permit-command permit-command;
}
}
Hierarchy Level
[edit logical-systems logical-systems-name security utm feature-profile] [edit tenants tenant-name security utm feature-profile]
Description
Configures the Content Security content-filtering feature for logical systems. The content filtering feature controls file transfers across the gateway by checking traffic against configured filter lists. It evaluates the traffic before all other Content Security features, except Web filtering. You can also configure the default Content Security configuration for content filtering feature profile. If you do not configure any option in the content filtering feature profile, the values configured in the default Content Security configuration are applied.
A license check for the content filtering configuration is performed at the time of commit and provides a warning if a valid license is not installed on the device. Once a valid license is installed on the device then the custom content filtering profile or the default content filtering profile is able to process the traffic. If a license is expired or license is not installed, the content filtering service does not process the traffic.
Options
block-command |
Protocol block command custom-objects to the content-filtering profile. |
block-content-type |
Blocks other available content such as exe, http-cookie, java-applet. This is for HTTP only. |
block-extension |
Block extensions to the content-filtering profile. |
block-mime |
MIME pattern list custom-objects to the content-filtering profile for blocking MIME types. |
notification-options |
A message notification to trigger when a content filter is matched. |
permit-command |
Protocol permit command custom-objects to the content-filtering profile. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 18.3R1.
Support for configuration in tenant systems introduced in Junos OS Release 19.2R1.