3com MSR 20-20 참조 매뉴얼

java-blocking: Blocks the Java Applets of packets to the specified network 
segment, applicable to HTTP only.

acl-number: Basic ACL number, in the range 2,000 to 2,999.

seconds: Configures the protocol idle timeout period, in seconds. The effective 
range is 5 to 43,200.

Use the detect command to configure ASPF detection for the application layer 
protocol or transport layer protocol.

Use the undo detect command to remove the configuration.

By default, the timeout period for an application layer protocol is 3,600 seconds, 
the TCP-based timeout period is 3,600 seconds, and the UDP-based timeout 
period is 30 seconds.

Note that:

■

If the protocol type is HTTP, Java blocking is allowed.

■

If application layer protocol detection and general TCP/UDP detection are both 
enables, application layer protocol detection is given priority over general 
TCP/UDP detection.

■

ASPF uses timeouts to manage the session status information of a protocol so 
as to determine when to terminate the status information management of a 
session or when to delete a session that cannot be normally established. As a 
global configuration, the setting of a timeout applies to all sessions to protect 
system resources from being maliciously seized.

■

A protocol idle timeout setting specified using the detect command has 
priority over a timeout setting specified using the aging-time command.

display aspf all, display aspf policy, display aspf session, and display aspf 
interface.

# Specify ASPF policy 1 for the FTTP protocol, enable Java blocking, and configure 
ACL 2000 so that the ASPF policy can filter Java applets from the server 10.1.1.1.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 10.1.1.1 0

[Sysname-acl-basic-2000] rule deny source any

[Sysname-acl-basic-2000] quit

[Sysname] aspf-policy 1

[Sysname-aspf-policy-1] detect http java-blocking 2000 

Any view