Content Filtering Policy Configuration Mode Commands

The Content Filtering Policy Configuration Mode allows you to configure analysis and action when Content Filtering (CF) matches a Content Filtering Category Policy Identifier.

Mode

Exec > ACS Configuration > CFP Configuration

active-charging service service_name > content-filtering category policy-id cf_policy_id

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-content-filtering-policy)# 

Important


The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).


analyze

Specifies the action to take for the indicated result after content filtering analysis.

Product

CF

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > CFP Configuration

active-charging service service_name > content-filtering category policy-id cf_policy_id

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-content-filtering-policy)# 

Syntax

In 12.2 and later releases:

analyze priority priority { all | category category | x-category string } action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ reporting-edr reporting_edr_format_name ] 
no analyze priority priority 

In 12.1 and earlier releases:

analyze priority priority { all | category category | x-category string } action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ] 
no analyze priority priority 

no

Removes the specified analyze priority configuration.

priority priority

Specifies the precedence of a category in the content filtering policy.

priority must be an integer from 1 to 65535 that is unique in the content filtering policy.

all

Specifies the default action to take if the category returned after rating is not configured in the subscriber's content filtering policy. This has the lowest priority.

category category

Specifies the category.

category must be one of the following.

  • ABOR

  • ADULT

  • ADVERT

  • ANON

  • ART

  • AUTO

  • BACKUP

  • BLACK

  • BLOG

  • BUSI

  • CAR

  • CDN

  • CHAT

  • CMC

  • CRIME

  • CULT

  • DRUG

  • DYNAM

  • EDU

  • ENERGY

  • ENT

  • FIN

  • FORUM

  • GAMB

  • GAME

  • GLAM

  • GOVERN

  • HACK

  • HATE

  • HEALTH

  • HOBBY

  • HOSTS

  • KIDS

  • LEGAL

  • LIFES

  • MAIL

  • MIL

  • NEWS

  • OCCULT

  • PEER

  • PERS

  • PHOTO

  • PLAG

  • POLTIC

  • PORN

  • PORTAL

  • PROXY

  • REF

  • REL

  • SCI

  • SEARCH

  • SHOP

  • SPORT

  • STREAM

  • SUIC

  • SXED

  • TECH

  • TRAV

  • VIOL

  • VOIP

  • WEAP

  • WHITE

  • UNKNOW


Important


Content can simultaneously match multiple categories, therefore specific priority must be used for required evaluation precedence.


x-category string

This keyword can be used to configure runtime categories not present in the CLI.

string specifies the unclassified category to be rated, and must be an alphanumeric string of 1 through 6 characters.

A maximum of 10 x-categories can be configured.

action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code }

Specifies the action to take for the indicated result of content filtering analysis.

allow : With static content filtering, this option allows the request for content. In dynamic content filtering it allows the content itself.

content-insert content_string : Specifies the content string to be inserted in place of the message returned from prohibited/restricted site or content server.

For static content filtering, content_string is used to create a response to the subscriber's attempt to get content. In dynamic content filtering, it is used to replace the content returned by a server.

content_string must be an alphanumeric string of 1 through 1023 characters.

discard : For static content filtering, this option discards the packet(s) that requested. In dynamic content filtering, it discards the packet(s) that contain(s) the content.

redirect-url url : Redirects the subscriber to the specified URL.

url must be an alphanumeric string of 1 through 1023 characters in the http://search.com/subtarg=#HTTP.URL# format.

terminate-flow : Terminates the TCP connection gracefully between the subscriber and server, and sends a TCP FIN to the subscriber and a TCP RST to the server.

www-reply-code-and-terminate-flow reply_code : Terminates the flow with the specified reply code. reply_code must be a reply code that is an integer from 100 through 599.


Important


Static-and-Dynamic Content Filtering is only supported in 9.0 and later releases.


edr edr_format_name


Important


This option is available only in 12.1 and earlier releases. In 12.2 and later releases, it is deprecated and replaced by the reporting-edr option.


Generates separate EDRs for content filtering based on action and content category using a specified EDR file format name.

edr_format_name is the name of a pre-defined EDR file format name in the EDR Format Configuration Mode, and must be an alphanumeric string of 1 through 63 characters.


Important


EDRs generated through this keyword are different from charging EDRs generated for subscriber accounting and billing. For more information on generation of charging EDRs, refer to the ACS Rulebase Configuration Mode Commands chapter.


reporting-edr reporting_edr_format_name


Important


This option is available only in 12.2 and later releases.


Generates separate reporting EDRs for Content Filtering based on the action and content category using the specified EDR file format name.

reporting_edr_format_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to specify the action and priorities for the indicated result of content filtering analysis.

Up to 64 priorities and actions can be entered with this command.

Example

The following command sets priority 10 for category ADULT with action as terminate-flow :
analyze priority 10 category ADULT action terminate-flow 

discarded-flow-content-id

Accounts for packets discarded as a result of content filtering action.

Product

CF

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > CFP Configuration

active-charging service service_name > content-filtering category policy-id cf_policy_id

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-content-filtering-policy)# 

Syntax

discarded-flow-content-id content_id 
no discarded-flow-content-id 

content_id

Specifies the content ID for discarded flows as an integer from 1 through 65535.

Usage Guidelines

Use this command in the configuration to account for packets discarded as a result of CF action.

A flow end-condition EDR would be generated as a charging EDR for content-filtered packets. No billing EDRs (even with flow-end) would be generated for a discarded packet as the flow will not end. Dual EDRs would exist for customers who want to use "flow end" to get EDRs for charging, plus CF-specific EDRs. The second EDR for charging comes from the flow end-condition content-filtering configuration in the Rulebase Configuration Mode.

The discarded-flow-content-id configuration can be used for accumulating statistics for UDR generation in case CF discards the packets. These statistics for UDR generation (based on the CF content ID) would also be accumulated in case of ACS error scenarios where the packets are discarded but the flow does not end.

If, in the Rulebase Configuration Mode, the content-filtering flow-any-error configuration is set to deny , then all the denied packets will be accounted for by the discarded-flow-content-id config. That is, the content_id will be used to generate UDRs for the denied packets in case of content filtering.

Example

Use the following command to set the accumulation of statistics for UDR generation based on the CF content ID 1003 :
discarded-flow-content-id 1003  

end

Exits the current configuration mode and returns to the Exec mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

end 

Usage Guidelines

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

exit 

Usage Guidelines

Use this command to return to the parent configuration mode.

failure-action

Specifies the failure action when the content filtering analysis results are not available to analyze.

Product

CF

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > CFP Configuration

active-charging service service_name > content-filtering category policy-id cf_policy_id

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-content-filtering-policy)# 

Syntax

failure-action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ] 
default failure-action [ edr edr_format_name ] 

default

Configures the default setting to terminate the flow.

allow

In static content filtering, this option allows the request for content. In dynamic content filtering it allows the content itself.


Important


Static-and-Dynamic Content Filtering is only supported in 9.0 and later releases.


content-insertion content_string

Specifies the content string to be inserted in place of the message returned from the content server due to connection timeout or when no category policy ID is available for the content.

For content filtering, the content_string is used to create a response to the subscriber's attempt to get content. In dynamic content filtering it replaces the content returned by a server.

content_string is an alphanumeric string of 1 through 1023 characters.


Important


Static-and-Dynamic Content Filtering is only supported in 9.0 and later releases.


discard

In static content filtering, specifies discarding the packet(s) that requested. In dynamic content filtering it discards the packet(s) that contain the content.


Important


Static-and-Dynamic Content Filtering is only supported in 9.0 and later releases.


redirect-url url

Redirects the subscriber to the specified URL.

url must be an alphanumeric string of 1 through 1023 characters, in the following format: http://search.com/subtarg=#HTTP.URL#

terminate-flow

Terminates the TCP connection gracefully between the subscriber and external server and sends a TCP FIN to the subscriber and a TCP RST to the server. This is the default behavior.

www-reply-code-and-terminate-flow reply_code

Sets action as terminate-flow with a reply code that is a 3-digit integer from 100 through 599.

edr edr_format_name

Specifies the name of a pre-defined EDR format to be generated on the content filtering action as an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to set the failure action to take when no content filtering analysis result is available to analyze for analyze priority priority category category_string command.

Example

The following command sets the failure action as discard :
failure-action discard 

timeout action

This command has been deprecated, and is replaced by the command.