[Layer 7 Advanced Menu] sip - Layer 7 SIP Menu urlcont - Set BW cont of an URL path specific to this filter addrd - Add HTTP redirection mapping remrd - Remove HTTP redirection mapping addstr - Add string for layer 7 filtering remstr - Remove string for layer 7 filtering httphash - Set HTTP header hash parameter for filter rdsnp - Enable/disable WAP RADIUS Snooping rdswap - Enable/disable RADIUS/WAP Persistence ftpa - Enable/disable active FTP NAT l7lkup - Enable/disable layer 7 content lookup parseall - Enable/disable layer 7 lookup (parsing) of all packets invert - Enable/disable invert action for layer 7 string matching cur - Display current layer 7 configuration |
Command Syntax and Usage | |
---|---|
sip | |
Displays the Layer 7 SIP menu. To view this menu, see /cfg/slb/filt <num>/adv/layer7/sip Layer 7 SIP Menu. | |
urlcont <URL path ID> <BW contract> <BW contract for reverse traffic> | |
Specifies the URL path bandwidth (BW) management contract for this filter. Note: Use this option only when a string is shared by multiple filters and each filter requires a separate bandwidth. A contract is created to assign a certain amount of bandwidth for an application. Up to 1024 contracts can be configured on a single Alteon. Alteon uses these contracts to limit individual traffic flows, and can be enabled or disabled as necessary. Contracts can be assigned to different types of traffic, based on whether it is Layer 2, Layer 4, or Layer 7 traffic, as well as by port, VLAN, trunk, filters, virtual IP address, service on the virtual server, URL, and so on. Any item that is configured with a filter can be used for bandwidth management. | |
addrd [1>2] | |
Specifies an HTTP redirection mapping. Strings are defined using the /cfg/slb/layer7/slb/add command. If the HTTP request matches the first string, Alteon issues an HTTP redirection message to the client that contains the information in the second string. | |
remrd <string id to redirect from (1-1024) string id to redirect to (2-1024)> | |
Removes an HTTP redirection mapping that was added using the addrd command (see in this table). | |
addstr <string id (1-1024)> | |
Adds the string ID to this filter for Layer 7 filtering. The string is defined using the /cfg/slb/layer7/slb/add command. | |
remstr <string id (1-1024)> | |
Removes the string ID for Layer 7 filtering. The string is defined using the /cfg/slb/layer7/slb/add command. | |
httphash <hash method> <header name> <length> | |
Sets the HTTP header hash parameter for the filter. | |
rdsnp <disable|enable> | |
Specifies whether to enable WAP RADIUS snooping on this filter. RADIUS snooping lets Alteon examine RADIUS accounting packets for client information. This information is needed to add to or delete static session entries in the Alteon session table so that Alteon can perform the required persistence for load balancing. Default: disable | |
rdswap enable|disable | |
Specifies whether to enable RADIUS/WAP persistence on this filter. This feature allows for RADIUS and WAP persistence by binding both RADIUS accounting and WAP sessions to the same server. A WAP client is first authenticated by the RADIUS server on UDP port 1812. The server replies with a RADIUS Accept or Reject frame. Alteon forwards this reply to the Remote Access Service (RAS). After the RAS receives the RADIUS accept packet, it sends a RADIUS accounting start packet on UDP port 1813 to the bound server. Alteon snoops on the RADIUS accounting start packet for the framed IP address attribute. The framed IP address attribute is used to rebind the RADIUS accounting session to a new server. Default: disable | |
ftpa disable|enable | |
Specifies whether to enable active FTP Client Network Address Translation (NAT). When a client in active FTP mode sends a PORT command to a remote FTP server, Alteon examines the data part of the frame and replaces the client’s private IP address with a proxy IP (PIP) address. The real server port (RPORT) is replaced with a proxy port (PPORT), that is (PIP:PPORT). It also ensures persistency to the same server of the control and data sessions regardless of the type of FTP transfer (active or passive) when the configured group metric is not a hash metric. Default: disable | |
l7lkup disable|enable | |
Specifies whether to enable legacy Layer 7 data classification. When enabled, the filter performs a lookup on Layer 7 content such as HTTP strings or headers. Note: Radware recommends using content class (or an AppShape++ script for additional flexibility) for Layer 7 data classification. This legacy Layer 7 lookup command is not supported when Content class (AppXcel) is configured in Alteon. Default: disable | |
parseall disable|enable | |
Specifies whether to parse all packets or transactions in a session where Layer 7 parsing is being performed. This field is relevant for legacy Layer 7 lookup and content classes. Values: ![]() ![]() Default: disable Note: When working in force proxy mode, Alteon performs parsing per transaction. | |
invert disable|enable | |
Enables or disables the invert action for Layer 7 string matching. Relevant when you use legacy Layer 7 capabilities on filters for which the /cfg/slb/filt/action command is set to redir. A Layer 7 invert filter works like a basic invert filter, but the invert action is delayed until the string content is examined to see if the session needs to be redirected because of its content. ![]() ![]() ![]() ![]() Traffic that matches the Layer 7 invert filtering criteria can be redirected to VAS servers when enabling the invert command. Default: disable | |
cur | |
Displays the current Advanced Layer 7 configuration of the filter, including the RADIUS and WAP persistence settings. |