HTTP Inspection Filters Parent topic

HTTP > HTTP Inspection > Filters
The HTTP Inspection filters provide a general way to identify Web traffic. It allows for the creation of filtering conditionals using the following components:
  • URL Host
  • URL Path
  • URL Query
  • HTTP Method
  • HTTP Header

Default HTTP Inspection Filters

Default filters for HTTP Inspection provide filtering for common scenarios, such as blocking social networking services (SNS) uploads or regulating Web access through the use of certain types of browsers.
Default filters include:
  • Browser-type filter—Identifies requests sent from the MSIE | FireFox |Chrome | Opera browser according to the user-agent header
  • Large data download filter—Identifies large file downloads according to the content-length header
  • Large data upload filter—Identifies large file uploads according to the content-length header
  • Query keyword filter—Identifies sensitive keyword querying using search engines like Google, Baidu, etc.
  • SNS site post filter—Identifies post request (including message posts and video file uploads) for the top three sites: Facebook, YouTube, and Twitter. Additional sites can be added by the administrator as needed.
  • WebDAV traffic filter—IdentifiesWebDAV special request methods PROPFIND, PROPMATCH, MKCOL, COPY, and MOVE
  • Web file upload filter—Identifies web file uploads (like BBS or Webmail file uploads) according to the content-type header
See the table below for the default filter settings.
Admins can make minor adjustments to the default or pre-defined filters to obtain the control capabilities needed.
  • Add—Opens the Add Filter wizard that will take you through the steps of defining a new filter
  • Delete—Allows you to delete a filters
  • Export—Allows you to export existing filters keyword filter
  • Import—Allows you to import custom filters created elsewhere or by technical support
Matrix of Default HTTP Inspection Filter Settings
Default Filter Name
Filtering Type
Request Method
URL Host
URL Path
URL Query
Header
Name/Operator/Value
Browser Type
REQ
None
None
None
None
User-Agent/Contains/MSIE || Firefox ||Chrome || Opera
Large Data Download
RESP
N/A
None
None
None
Content-length/>/1048576
Large Data Upload
REQ
None
None
None
None
Content-length/>/1048576
Query Keyword
REQ
None
None
<keyword>
None/None/None
SNS site post
REQ
POST
(Added in Advanced View)
youtube_upload REQ {
METHOD: POST
HOST: upload\.youtube\.com
}
twitter_msg_post REQ {
METHOD: POST
HOST: twitter\.com
PATH: status
}
facebook_upload REQ {
METHOD: POST
HOST: upload\.facebook\.com
}
None
None
None/None/None
Web File Upload
REQ
POST
None
None
None
Content-Type/Contains/multipart/form-data
WebDAV
REQ
PROPFIND
PROPMATCH
MKCOL
COPY
MOVE
None
None
None
None/None/None
See also:
Related information