Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

web-filtering

Syntax

Hierarchy Level

Description

Configure Content Security web filtering features. You can also configure the default Content Security configuration for web filtering feature profile. If you do not configure any option in the web filtering feature profile, the values configured in the default Content Security configuration are applied. The default Content Security Web filtering configuration for HTTP is also applicable for the HTTPS sessions. Web filtering feature’s potential policies conflict check is independent of the content filtering, antivirus, and antispam features.

Options

http-persist

Check all HTTP request in a connection. If http-persist option is enabled for clear text HTTP traffic, then Web filtering checks every HTTP request packet in the same session.

http-reassemble

Reassemble HTTP request segments. If http-reassemble option is enabled for clear text HTTP traffic, then Enhanced Web Filtering (EWF) reassembles the fragmented HTTP request to avoid evasion instead of packet-based inspection.

juniper-enhanced

Enable enhanced Web filtering on the device.

base-filter

A base filter is an object that contains a category-action pair for all categories defined in the category file.

block-message

Juniper enhanced block message settings.

cache

Set the cache parameters for Surf-Control-Integrated Web filtering and Enhanced Web Filtering.

category

Select a custom URL category list you created (custom objects) for filtering against.

custom-block-message

Enter a custom message to be sent when HTTP requests are blocked.

default

Specify an action for the profile, for requests that experience internal errors in the Web filtering module.

fallback-settings

Fallback settings tell the system how to handle errors.

no-safe-search

Do not perform safe-search for Juniper enhanced protocol. Safe-search redirect supports HTTP only. Therefore it is not possible to generate a redirect response for HTTPS search URLs. Safe-search redirects can be disabled by using the CLI option no-safe-search.

quarantine-custom-message

Juniper enhanced quarantine custom message.

quarantine-message

Juniper enhanced quarantine message settings.

reputation

Customize reputation level. The ThreatSeeker Cloud (TSC) provides site reputation information. Based on these reputations, you can choose a block or a permit action.

server

Set server parameters by entering the server name or IP address.

site-reputation-action

Specify the action to be taken depending on the site reputation returned for all types of URLs whether it is categorized or uncategorized.

timeout

Enter a timeout limit for requests. Once this limit is reached, fail mode settings are applied.

  • Range: 1 through 120

juniper-local

Enable Juniper Networks local URL filtering on the device.

block-message

Juniper local block message settings.

traceoptions

Trace options for Web filtering feature.

url-blacklist

This is a global blocklist category, blocking content for Web filtering.

url-whitelist

A URL allowlist is a unique custom list that you define in which all the URLs or IP addresses in that list for a specified category are always bypassed for filtering.

websense-redirect

Web filtering websense redirect engine. Websense occasionally releases new EWF categories. EWF classifies websites into categories according to host, URL, or IP address and performs filtering based on the categories.

type

Type of Web filtering solution or URL filtering solution used by the device.

performance-mode

Improves the performance by only analyzing the traffic requests on ports 80 and 443.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

The surf-control-integrated feature is not supported from Junos OS Release 15.1X49-D10 onwards. For previous releases, statement introduced in Junos OS Release 9.5.

The [edit security utm default-configuration] hierarchy level introduced in Junos OS Release 18.2R1.

The performance-mode statement introduced in Junos OS Release 22.2R1.