Command Line Interface Reference Guide > The SLB Configuration Menu
/cfg/slb/filt <filter number>/adv/layer7
Layer 7 Advanced Filter Configuration Menu
 
[Layer 7 Advanced Menu]
sip - Layer 7 SIP Menu
urlcont - Set BW cont of an URL path specific to this filter
addrd - Add HTTP redirection mapping
remrd - Remove HTTP redirection mapping
addstr - Add string for layer 7 filtering
remstr - Remove string for layer 7 filtering
httphash - Set HTTP header hash parameter for filter
rdsnp - Enable/disable WAP RADIUS Snooping
rdswap - Enable/disable RADIUS/WAP Persistence
ftpa - Enable/disable active FTP NAT
l7lkup - Enable/disable layer 7 content lookup
parseall - Enable/disable layer 7 lookup (parsing) of all packets
     invert - Enable/disable invert action for layer 7 string matching
cur - Display current layer 7 configuration
 
Layer 7 Advanced Filter Menu Options (/cfg/slb/filt/adv/layer7) 
Command Syntax and Usage
sip
 
Displays the Layer 7 SIP menu. To view this menu, see /cfg/slb/filt <num>/adv/layer7/sip Layer 7 SIP Menu.
urlcont <URL path ID> <BW contract> <BW contract for reverse traffic>
 
Specifies the URL path bandwidth (BW) management contract for this filter.
Note: Use this option only when a string is shared by multiple filters and each filter requires a separate bandwidth.
A contract is created to assign a certain amount of bandwidth for an application. Up to 1024 contracts can be configured on a single Alteon. Alteon uses these contracts to limit individual traffic flows, and can be enabled or disabled as necessary. Contracts can be assigned to different types of traffic, based on whether it is Layer 2, Layer 4, or Layer 7 traffic, as well as by port, VLAN, trunk, filters, virtual IP address, service on the virtual server, URL, and so on. Any item that is configured with a filter can be used for bandwidth management.
addrd [1>2]
 
Specifies an HTTP redirection mapping. Strings are defined using the /cfg/slb/layer7/slb/add command.
If the HTTP request matches the first string, Alteon issues an HTTP redirection message to the client that contains the information in the second string.
remrd <string id to redirect from (1-1024) string id to redirect to (2-1024)>
 
Removes an HTTP redirection mapping that was added using the addrd command (see in this table).
addstr <string id (1-1024)>
 
Adds the string ID to this filter for Layer 7 filtering. The string is defined using the /cfg/slb/layer7/slb/add command.
remstr <string id (1-1024)>
 
Removes the string ID for Layer 7 filtering. The string is defined using the /cfg/slb/layer7/slb/add command.
httphash <hash method> <header name> <length>
 
Sets the HTTP header hash parameter for the filter.
rdsnp <disable|enable>
 
Specifies whether to enable WAP RADIUS snooping on this filter.
RADIUS snooping lets Alteon examine RADIUS accounting packets for client information. This information is needed to add to or delete static session entries in the Alteon session table so that Alteon can perform the required persistence for load balancing.
Default: disable
rdswap enable|disable
 
Specifies whether to enable RADIUS/WAP persistence on this filter. This feature allows for RADIUS and WAP persistence by binding both RADIUS accounting and WAP sessions to the same server.
A WAP client is first authenticated by the RADIUS server on UDP port 1812. The server replies with a RADIUS Accept or Reject frame. Alteon forwards this reply to the Remote Access Service (RAS). After the RAS receives the RADIUS accept packet, it sends a RADIUS accounting start packet on UDP port 1813 to the bound server. Alteon snoops on the RADIUS accounting start packet for the framed IP address attribute. The framed IP address attribute is used to rebind the RADIUS accounting session to a new server.
Default: disable
ftpa disable|enable
 
Specifies whether to enable active FTP Client Network Address Translation (NAT).
When a client in active FTP mode sends a PORT command to a remote FTP server, Alteon examines the data part of the frame and replaces the client’s private IP address with a proxy IP (PIP) address. The real server port (RPORT) is replaced with a proxy port (PPORT), that is (PIP:PPORT).
It also ensures persistency to the same server of the control and data sessions regardless of the type of FTP transfer (active or passive) when the configured group metric is not a hash metric.
Default: disable
l7lkup disable|enable
 
Specifies whether to enable legacy Layer 7 data classification. When enabled, the filter performs a lookup on Layer 7 content such as HTTP strings or headers.
Note: Radware recommends using content class (or an AppShape++ script for additional flexibility) for Layer 7 data classification.
This legacy Layer 7 lookup command is not supported when Content class (AppXcel) is configured in Alteon.
Default: disable
parseall disable|enable
 
Specifies whether to parse all packets or transactions in a session where Layer 7 parsing is being performed.
This field is relevant for legacy Layer 7 lookup and content classes.
Values:
*disable — Alteon performs Layer 7 matching only on the first transaction. The rest of the transactions are not examined.
*enable — Alteon performs Layer 7 matching on all transactions in a session. Each transaction can be matched to a different filter.
Default: disable
Note: When working in force proxy mode, Alteon performs parsing per transaction.
invert disable|enable
 
Enables or disables the invert action for Layer 7 string matching.
Relevant when you use legacy Layer 7 capabilities on filters for which the /cfg/slb/filt/action command is set to redir.
A Layer 7 invert filter works like a basic invert filter, but the invert action is delayed until the string content is examined to see if the session needs to be redirected because of its content.
*If an invert filter is enabled and a string match is found, Alteon sends the request to the cache server.
*If an invert filter is enabled and no string match is found, Alteon sends the request to the original destination server of the client packet.
*If the invert filter option is disabled and a string match is found, Alteon sends the request to the original destination server of the client packet.
*If the invert filter option is disabled and no string match is found, Alteon sends the request to the cache server.
Traffic that matches the Layer 7 invert filtering criteria can be redirected to VAS servers when enabling the invert command.
Default: disable
cur
 
Displays the current Advanced Layer 7 configuration of the filter, including the RADIUS and WAP persistence settings.