для Cisco Cisco ASR 5000
If a new category (also referred to as x-category) is present in the OPTCMDB file, then action for all URLs
for the new category can be configured at runtime. For information on how to configure x-category, refer to
the Configuring Content Filtering Policy section in the Content Filtering Service Configuration chapter.
for the new category can be configured at runtime. For information on how to configure x-category, refer to
the Configuring Content Filtering Policy section in the Content Filtering Service Configuration chapter.
The redirect server may prompt the subscriber to send additional security credentials in order to access the
requested content.
requested content.
◦terminate-flow: The system gracefully terminates the TCP connection between the subscriber and server, and
sends a TCP FIN to the subscriber and a TCP RST to the server.
◦www-reply-code-and-terminate-flow: The system terminates the flow with a specified reply code to the
subscriber’s mobile. The reply code is as specified in the subscriber’s content filtering policy.
• If a category is not returned / the URL is not present in the database, the system takes the action as configured for
the UNKNOW category in the subscriber’s Content Filtering policy.
• If for the category returned there is no action configured in the subscriber’s content filtering policy, the default
action is taken.
Step 14
MS requests for session termination.
Step 15
System sends Accounting-Stop Request to the AAA server.
Step 16
AAA server stops the accounting for the MS for content filtering session and sends Accounting-Stop-Response to the
system.
system.
How URL Blacklisting and Category-based Content Filtering
Work Concurrently
Work Concurrently
Both URL Blacklisting and Category-based Content Filtering can be concurrently enabled in a system. The
following describes how URL blacklisting and content filtering are performed on HTTP/WAP traffic when
concurrently enabled on a system:
following describes how URL blacklisting and content filtering are performed on HTTP/WAP traffic when
concurrently enabled on a system:
Step 1
If both URL Blacklisting and Category-based Content Filtering are enabled, first URL blacklist matching is performed,
and then, if required, content filtering is performed.
When an HTTP/WAP request comes for ECS processing, a check is made to see if the URL Blacklisting feature is
enabled. If enabled, the URL is extracted from the incoming request and is matched with the local Blacklist database.
and then, if required, content filtering is performed.
When an HTTP/WAP request comes for ECS processing, a check is made to see if the URL Blacklisting feature is
enabled. If enabled, the URL is extracted from the incoming request and is matched with the local Blacklist database.
• If a match is found for the URL in the Blacklist database, the packets are subjected to the blacklisting action
configured in the rulebase—Discard, Redirect, or Terminate flow. In case of multiple HTTP requests in the same
TCP packet, if any of the URLs is blacklisted, then action is taken on the packet.
TCP packet, if any of the URLs is blacklisted, then action is taken on the packet.
• If a match is not found in the Blacklist database, then Category-based Content Filtering is performed.
If Category-based Static Content Filtering is enabled, static rating is performed and action taken as configured for
the category returned in the subscriber’s content filtering policy.
the category returned in the subscriber’s content filtering policy.
CF Administration Guide, StarOS Release 18
17
Content Filtering Support Overview
How URL Blacklisting and Category-based Content Filtering Work Concurrently