SunScreen 3.2 Administrator's Overview

HTTP Access Rules

One or more access rules may be needed to allow your Screen access to the VirusWall scanner server (see "To Add a New Rule" in the SunScreen 3.2 Administration Guide).

Because VirusWall scanning is optional, and because the viruswall-server address object cannot be preconfigured during installation, the following example shows prototypical post-installation steps to enable VirusWall scanning of HTTP content:


admin% ssadm -r primary edit Initial
edit> add address viruswall-server 10.73.176.13
edit> add rule viruswall-http localhost viruswall-server ALLOW
edit> add rule www 'inside' web-scanner ALLOW PROXY_HTTP
edit> vars add prg=httpp name=scan.0 ENABLED VALUES={ name=VirusWallServerHTTP } DESCRIPTION="HTTP proxy content scanner"

This example:

If content scanning has been configured, then once proxy-based content checks have been performed, the resulting content is passed to the scanner for inspection. The scanner may instruct that the content be blocked, may alter the content (for example, clean viruses from it), or may return it unaltered. You receive the scanning results (as blocked, if so determined), which are reflected in the SunScreen log entries for the HTTP request and its results.