Format

Three filtering rules are configured by default. The first denies traffic on port 25 to all destinations. The second and third bypass user authentication for connections to 2 file sandbox destinations.

Each line in filter.config is a filtering rule. Content Gateway applies the rules in the order listed, starting at the top of the file. If no rule matches, the request is allowed to proceed.

Content Gateway recognizes three space-delimited tags:

primary_destination=value secondary_specifier=value action=value

The following table lists the possible primary destination types.

| Primary Destination Type | Allowed Value |
|---|---|
| dest_domain | A requested domain name |
| dest_host | A requested hostname |
| dest_ip | A requested IP address |
| url_regex | A regular expression to be found in a URL. See Specifying URL regular expressions (url_regex) for information about using regular expressions. |

Secondary specifiers are optional. The following table lists the possible secondary specifiers and their purpose.

Note: You can use more than one secondary specifier in a rule. However, you cannot repeat a secondary specifier.

| Secondary Specifier | Allowed Value |
|---|---|
| time | A time range, such as 08:00-14:00 |
| prefix | A prefix in the path part of a URL |
| suffix | A file suffix in the URL |
| src_ip | A single client IP address, or a client IP address range. |
| port | A requested URL port |
| method | A request URL method; one of the following: get, post, put, trace |
| scheme | A request URL protocol. You can specify one of the following: HTTP, HTTPS, FTP (for FTP over HTTP only) |
| user_agent | A request header User-Agent value. Takes a regular expression that is applied to the user-agent string. See Specifying URL regular expressions (url_regex) for information about using regular expressions. |

The following table lists the possible actions and their allowed values.

| Action | Allowed Value |
|---|---|
| action | Specify one of the following: allow (to allow particular URL requests to bypass authentication; the proxy serves the requested content); deny (to deny requests for HTTP or FTP objects from specific destinations; when a request is denied, the client receives an access denied message); radius (not supported). |
| keep_hdr | The client request header information that you want to keep. You can specify the following options: date, host, cookie, client_ip |
| strip_hdr | The client request header information that you want to strip. You can specify the same options as with keep_hdr. |
| add_hdr | The custom header value you want to add. Requires specification of the custom header and a header value. For example: add_hdr="header_name:header_value" |
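The following is an added example, not part of the original documentation or the product: a small Python linter that checks filter.config rule lines against the tags and allowed values listed on this page, including the rule that a secondary specifier cannot be repeated. The function names, the sample rules, the case-insensitive value comparison, and the check for exactly one primary destination and at least one action tag are assumptions of this example.

```python
PRIMARY = {"dest_domain", "dest_host", "dest_ip", "url_regex"}
SECONDARY = {"time", "prefix", "suffix", "src_ip", "port",
             "method", "scheme", "user_agent"}
ACTIONS = {"action", "keep_hdr", "strip_hdr", "add_hdr"}
HDRS = {"date", "host", "cookie", "client_ip"}
# Values the page enumerates (compared case-insensitively, an assumption).
ENUMS = {"action": {"allow", "deny", "radius"}, "keep_hdr": HDRS, "strip_hdr": HDRS,
         "method": {"get", "post", "put", "trace"}, "scheme": {"http", "https", "ftp"}}

def lint_rule(line):
    """Return a list of problems found in one rule line (empty list = clean)."""
    problems, seen = [], []
    # Assumption: tag values contain no spaces, so whitespace splitting is enough.
    for token in line.split():
        tag, sep, value = token.replace('"', "").partition("=")
        if not sep or not value:
            problems.append(f"malformed tag {token!r}")
            continue
        if tag not in PRIMARY | SECONDARY | ACTIONS:
            problems.append(f"unknown tag {tag!r}")
        elif tag in SECONDARY and tag in seen:
            problems.append(f"secondary specifier {tag!r} repeated")
        elif tag in ENUMS and value.lower() not in ENUMS[tag]:
            problems.append(f"{tag}={value} is not an allowed value")
        elif tag == "action" and value.lower() == "radius":
            problems.append("action=radius is not supported")
        elif tag == "add_hdr" and ":" not in value:
            problems.append("add_hdr needs header_name:header_value")
        seen.append(tag)
    # Assumed reading of the format line: one primary, at least one action tag.
    if sum(t in PRIMARY for t in seen) != 1:
        problems.append("expected exactly one primary destination")
    if not any(t in ACTIONS for t in seen):
        problems.append("no action tag")
    return problems

def lint_config(text):
    """Map 1-based line number -> problems for each non-blank rule line."""
    rules = enumerate(text.splitlines(), start=1)
    return {n: p for n, line in rules if line.strip() and (p := lint_rule(line))}

# Constructed sample rules (not taken from a real deployment).
SAMPLE = """\
dest_domain=example.com port=25 action=deny
dest_host=files.example.net method=get method=post action=allow
url_regex=example action=radius
port=8080 add_hdr="X-Proxy"
"""
```

Because a request that matches no rule is allowed to proceed, a rule that the proxy rejects or ignores fails open; running a check like this before deploying a changed filter.config catches those lines early.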