Login
- Table of Contents
-
- H3C SecPath Security Products FAQ(V7)-6W101
- 00-Preface
- 01-AFT FAQ
- 02-Anti-virus FAQ
- 03-Application audit and management FAQ
- 04-APR FAQ
- 05-ASPF FAQ
- 06-Attack detection and prevention FAQ
- 07-Bandwidth management FAQ
- 08-Data analysis center FAQ
- 09-Data filtering FAQ
- 10-Device forwarding FAQ
- 11-DPI FAQ
- 12-FAQ on Intranet security comprehensive scoring (Security overview)
- 13-File filtering FAQ
- 14-IPsec FAQ
- 15-IPS FAQ
- 16-IRF FAQ
- 17-License management FAQ
- 18-Load balancing FAQ
- 19-Mirroring FAQ
- 20-NAT FAQ
- 21-NetShare control FAQ
- 22-PKI FAQ
- 23-RBM-based hot backup FAQ
- 24-Security zone FAQ
- 25-Security policy FAQ
- 26-SSL decryption FAQ
- 27-SSL VPN FAQ
- 28-System management and maintenance FAQ
- 29-URL filtering FAQ
- 30-User access and authentication FAQ
- 31-WAF FAQ
- 32-Web operations FAQ
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 30-User access and authentication FAQ | 26.67 KB |
User access and authentication FAQ
Q. What are the filtering rules supported by portal, and in what order are user messages matched?
A. Devices will generate different types of portal filtering rules based on the configuration and authentication status of portal users. After receiving a user packet, the device compares the packet against rules in the following order. Once a match is found, the matching process ends:
1. Compares against the free rules.
¡ If a match is found, the device allows the packet to pass through.
¡ If no match is found, the device proceeds to the next step.
2. Compares against the user rules.
¡ If a match is found, the device allows the user to access network resources.
¡ If no match is found, the device proceeds to the next step.
3. Compares against the portal anti-attack rules.
¡ If a match is found, the device discards the packet and silences the user for a period of time, during which the user cannot perform authentication.
¡ If no match is found, the device proceeds to the next step.
4. Compares against the redirection rules.
¡ If a match is found, the device uploads the packet to the CPU for processing.
¡ If no match is found, the device proceeds to the next step.
5. Compares against the MAC-based quick portal authentication rules.
¡ If a match is found, the device uploads the packet to the CPU for processing.
¡ If no match is found, the device proceeds to the next step.
6. Compares against the deny rules.
¡ If a match is found, the device discards the packet.
¡ If no match is found, the device allows the packet to pass through.
Q. How is the web noise reduction mechanism implemented in portal?
A. When portal users access the external network through the HTTP/HTTPS protocol, the device responds to their HTTP/HTTPS requests by encapsulating the URL of the portal Web server in a JavaScript script. The script can only be recognized by the browser program. Therefore, only the browser program initiates connection requests to the portal Web server, avoiding pressure on the portal Web server caused by other software, such as QQ and Thunder, sending a large number of HTTP/HTTPS messages.
