Login
- Table of Contents
-
- H3C SecPath Security Products FAQ(V7)-6W100
- 00-Preface
- 01-System management and maintenance FAQ
- 02-Device forwarding FAQ
- 03-License management FAQ
- 04-RBM-based hot backup FAQ
- 05-NAT FAQ
- 06-User access and authentication FAQ
- 07-Attack detection and prevention FAQ
- 08-IPS FAQ
- 09-Anti-virus FAQ
- 10-URL filtering FAQ
- 11-File filtering FAQ
- 12-Bandwidth management FAQ
- 13-SSL VPN FAQ
- 14-IPsec FAQ
- 15-Load balancing FAQ
- 16-Mirroring FAQ
- 17-IRF FAQ
- 18-Security policy FAQ
- 19-Security zone FAQ
- 20-ASPF FAQ
- 21-PKI FAQ
- 22-APR FAQ
- 23-DPI FAQ
- 24-Application audit and management FAQ
- 25-Data filtering FAQ
- 26-Data analysis center FAQ
- 27-WAF FAQ
- 28-AFT FAQ
- 29-SSL decryption FAQ
- 30-NetShare control FAQ
- 31-FAQ on Intranet security comprehensive scoring (Security overview)
- 32-Web operations FAQ
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-User access and authentication FAQ | 23.22 KB |
User access and authentication FAQ
Q. What are the filtering rules supported by portal, and in what order are user messages matched?
A. Devices will generate different types of portal filtering rules based on the configuration and authentication status of portal users. After receiving a user packet, the device compares the packet against rules in the following order. Once a match is found, the matching process ends:
1. Compares against the free rules.
¡ If a match is found, the device allows the packet to pass through.
¡ If no match is found, the device proceeds to the next step.
2. Compares against the user rules.
¡ If a match is found, the device allows the user to access network resources.
¡ If no match is found, the device proceeds to the next step.
3. Compares against the portal anti-attack rules.
¡ If a match is found, the device discards the packet and silences the user for a period of time, during which the user cannot perform authentication.
¡ If no match is found, the device proceeds to the next step.
4. Compares against the redirection rules.
¡ If a match is found, the device uploads the packet to the CPU for processing.
¡ If no match is found, the device proceeds to the next step.
5. Compares against the MAC-based quick portal authentication rules.
¡ If a match is found, the device uploads the packet to the CPU for processing.
¡ If no match is found, the device proceeds to the next step.
6. Compares against the deny rules.
¡ If a match is found, the device discards the packet.
¡ If no match is found, the device allows the packet to pass through.
Q. How is the web noise reduction mechanism implemented in portal?
A. When portal users access the external network through the HTTP/HTTPS protocol, the device responds to their HTTP/HTTPS requests by encapsulating the URL of the portal Web server in a JavaScript script. The script can only be recognized by the browser program. Therefore, only the browser program initiates connection requests to the portal Web server, avoiding pressure on the portal Web server caused by other software, such as QQ and Thunder, sending a large number of HTTP/HTTPS messages.
