
Configure The Ruleset


The HTTP proxy is driven by an ordered set of rules against which every HTTP request passing through it is matched. When a request matches a rule, that rule’s action (allow or deny) is enforced on the request, and the request then ‘leaves’ the ruleset. The default policy of the HTTP proxy ruleset is to deny any request.

Anatomy of a Rule

A rule consists of four elements:

  • a network address, which is matched against the IP address of the request
  • a URL ACL
  • a time ACL
  • a filter action (ALLOW or DENY)

 

The HTTP proxy’s rule system, the anatomy of a rule and the way an HTTP request passes through the ruleset are presented in Figure 1.

The only mandatory items of a rule are the network address and the filter action. The network address can be any network address, host address or network group defined in the Definitions menu. To use a URL ACL or a time ACL in a rule, first create it in the Proxies > HTTP Proxy > URL ACLs, Proxies > HTTP Proxy > URL Lists or Proxies > HTTP Proxy > Time ACLs menu.
 

 

Figure 1. HTTP Proxy rule system

Defining URL ACLs

URL ACLs can be used to match against the URL of a request. They come in two distinct flavors:

  • Simple regular expression (POSIX style) URL ACLs, defined in the Proxies > HTTP Proxy > URL ACLs menu: a named regular expression used to match URLs. Under that menu you can see the list of previously defined URL ACLs (if any), which can be enabled, disabled, edited and removed. After adding one or more ACLs, click the ‘Apply’ button to add them to the system’s configuration.
  • URL list ACLs, declared in Proxies > HTTP Proxy > URL Lists: named paths to a file containing URLs, one per line. To define a URL list ACL, enter a name for the ACL and supply a file that lists the URLs one per line. Internally, the HTTP proxy associates the path of the file containing the URL listing with the name given to the ACL.

 

Examples:

  • Define a URL ACL: navigate to the Proxies > HTTP Proxy > URL ACLs menu, enter google_acl (or any other name) in the ‘Name’ field and google in the ‘Filtering expression’ field. Press ‘Save’ and, once the ACL appears in the URL ACLs list, press ‘Apply’ to add the ACL to Syneto’s configuration.

 

Figure 2. Defining a URL ACL

  • Define a URL list ACL: first create a file containing a list of URLs, one per line, like below:
    http://www.google.com
    http://www.altavista.com
    http://www.yahoo.com
  • Then, navigate to Proxies > HTTP Proxy > URL Lists and create a new ACL by naming the ACL my_list in the ‘Name’ field and uploading the file you just created. Press ‘Save’ and once the ACL appears in the URL Lists list, press ‘Apply’ to add the ACL to Syneto’s configuration.

 

Figure 3. Creating a URL list ACL

 

Time ACLs

Time ACLs specify the time interval during which a rule is active. They are based on the day of the week and the time of day. To create a time ACL, navigate to Proxies > HTTP Proxy > Time ACLs and define the ACL by entering a name (e.g. work_hours), selecting the weekdays on which the ACL is active (Monday to Friday) and the period of the day during which it is active (from 08:00 to 17:00). Save the ACL and, when it appears in the Time ACL listing, press ‘Apply’ to add the ACL to Syneto’s configuration.
 

 

Figure 4. Defining a time ACL

Defining a Rule

To define a rule, navigate to Proxies > HTTP Proxy > Filtering Rules and select the network for which you want the rule to be active (e.g. eth2 or my_network), a URL ACL (e.g. google_acl), a time ACL (e.g. work_hours) and the rule’s action (e.g. ACCEPT). This defines a rule which allows access to any URL containing the word google, Monday to Friday, during work hours. Note that the expression is not compared with the host name alone: the string google can appear anywhere in the URL, so the rule also matches URLs on other hosts that merely contain google in their path or query string.
 

 

Figure 5. Defining an HTTP rule
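
The rule matching described on this page, modelled as an added sketch that is not Syneto's code: the first matching rule wins, the default is deny, and the unanchored google expression is compared with an assumed anchored alternative. Python's re module stands in for POSIX regular expressions; the 192.168.1.0/24 range for my_network, the half-open 08:00 to 17:00 interval, the treatment of an omitted ACL as matching everything, and all function names are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Illustrative model, not Syneto code. Assumed: an omitted ACL (None) matches
# everything, and a time ACL covers start <= time < end.
WORK_HOURS = {"days": {0, 1, 2, 3, 4}, "start": "08:00", "end": "17:00"}  # Mon-Fri

def time_matches(acl, when):
    """True if 'when' falls on an active weekday and inside the daily window."""
    if acl is None:
        return True
    hhmm = when.strftime("%H:%M")
    return when.weekday() in acl["days"] and acl["start"] <= hhmm < acl["end"]

def url_matches(pattern, url):
    """Search the expression anywhere in the full URL, as the page describes."""
    return pattern is None or re.search(pattern, url) is not None

def evaluate(rules, client_ip, url, when):
    """Return the action of the first matching rule, or DENY (default policy)."""
    ip = ipaddress.ip_address(client_ip)
    for network, url_acl, time_acl, action in rules:
        if (ip in ipaddress.ip_network(network)
                and url_matches(url_acl, url)
                and time_matches(time_acl, when)):
            return action  # the request 'leaves' the ruleset here
    return "DENY"

# Constructed sample rules: (network, URL ACL expression, time ACL, action).
LOOSE = [("192.168.1.0/24", r"google", WORK_HOURS, "ALLOW")]
# Assumed tighter expression: anchored to scheme and host, not a bare substring.
STRICT = [("192.168.1.0/24",
           r"^https?://([a-z0-9-]+\.)*google\.com(:[0-9]+)?(/|$)",
           WORK_HOURS, "ALLOW")]

MONDAY_10 = datetime(2024, 1, 8, 10, 0)  # Monday, inside work_hours
SUNDAY_10 = datetime(2024, 1, 7, 10, 0)  # Sunday, outside work_hours

if __name__ == "__main__":
    # Constructed sample URLs; the second only contains 'google' in its query.
    for url in ("http://www.google.com/", "http://example.test/?q=google"):
        print(url,
              "loose:", evaluate(LOOSE, "192.168.1.10", url, MONDAY_10),
              "strict:", evaluate(STRICT, "192.168.1.10", url, MONDAY_10))
```
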