URL Blacklisting

Revision History


Note

Revision history details are not provided for features introduced before release 21.24.

Revision Details

Release

First introduced

Pre 21.24

Feature Description

The URL blacklisting feature regulates the subscribers access to view or download content from websites whose URL or URI has been blacklisted. It uses a database that records a list of URLs that indicates if the detected URL is categorized to be blocked or not.

How it Works

To enable the URL blacklisting feature on User Plane (UP), URL blacklisting database should be present with a name “optblk.bin” under flash, or SFTP or under its sub-directory. This database directory path needs to be configured on user-plane, after user-plane services are brought up.

HTTP Analyzer must be enabled for URL blacklisting. The HTTP analyzer extracts URL information from the incoming HTTP request data packet. Extracted URL content is compared with the URL Blacklisting database. Once the incoming HTTP data packet’s URL matches with the database URL entry, that URL is treated as blacklisted URL and one of the following actions takes place on that HTTP packet.

  • Termination of flow

  • Packet is discarded

The URL blacklisting configurations must be configured on Control Plane (CP), Rulebase configuration under Active Charging Service. Additionally, two URL blacklisting methods – Exact and Generic, are supported at Active Charging Service-level configuration, on CP. These CLI configurations are pushed to UP through PFD mechanism, during Sx association procedure, to the CP.


Important

Blacklisting database(s) are provided by – IWF (Internet Watch Foundation) and NCMEC (National Center for Missing and Exploited Children). The ASR5500, CUPS UP always receives the blacklisting DB in Optimized Format (optimized blacklisting DB format).

URL Blacklisting Database Upgrade

URL database upgrade is supported in 2 ways:

  • Timer-based upgrade or Auto upgrade

  • CLI-based upgrade or Manual upgrade

Timer-based or Auto-upgrade

After the database is loaded on the chassis for the first time, a timer, for a duration of 5 minutes, is started. This process is started to auto upgrade the database.

If at the expiry of the timer, a valid database with higher version is available at the directory path, then database upgrade procedure is initiated, and a newer version of the database is loaded on the UP chassis.

To upgrade a URL blacklisting database, a higher version of valid URL Blacklisting database with name “optblk_f.bin” should be present at same directory as that of current database “optblk.bin”.

After the database is upgraded successfully, the earlier “optblk.bin” file gets renamed as “optblk_0.bin” and “optblk_f.bin” file gets renamed as “optblk.bin”. Here, “optblk_0.bin” file is treated as a backup file of older database.

If one more upgrade is performed, then “optblk_0.bin” file will be renamed as “optblk_1.bin” file and current “optblk.bin” will get renamed as “optblk_0.bin”, and so on.

The number of backup files to be stored in the database can be configured using the max-versions CLI on UP.

CLI-based or Manual Upgrade

In this upgrade method, the CLI command - upgrade url-blacklisting database , upgrades the current database to a newer version.

Limitations

In this release, session recovery and user-plane redundancy support is not fully qualified.

Configuring URL Blacklisting

Loading URL Blacklisting Database on UP

Use the following configuration to load URL blacklisting database on UP. 

configure 
   url-blacklisting database directory path database_directory_path 
   url-blacklisting database max-versions max_version_value 
   end

NOTES:

  • database directory path: Configures the database directory path.

    The database_directory_path is a string of size 1 to 255.

  • max-versions: Configures the maximum database upgrade versions.

    The max_version_value is an integer from 0 to 3.

Configuration to Enable URL Blacklisting

Use the following configuration to enable URL blacklisting feature on Control Plane. 

configure 
   require active-chargingservice_name 
      url-blacklisting match-method [ exact | generic ] 
      rulebase rulebase_name 
         url-blacklisting action [ discard | terminate-flow ] 
         end

NOTES:

  • match-method [ exact | generic ] : Specifies the match method used for URL blacklisting.

    exact : URL Blacklisting perform an exact-match of URL.

    generic : URL Blacklisting perform generic-match of URL.

  • url-blacklisting action [ discard | terminate-flow ]

    discard : Discards the HTTP packet received.

    terminate-flow : Terminates the flow of the HTTP packet received.

URL Blacklisting Database Upgrade

Use the following command to upgrade the URL Blacklisting Database. 

upgrade url-blacklisting database

Note
This CLI is used for manual upgrade of URL Blacklisting database. File optblk_f.bin must be present in order to upgrade URL Blacklisting database.

Monitoring and Troubleshooting

This section provides information regarding the CLI command available in support of monitoring and troubleshooting the feature.

Show Command(s) and/or Outputs

This section provides information regarding show commands and/or their outputs in support of this feature.

show user-plane-service url-blacklisting database

The following fields are displayed in support of this feature:

  • URL Blacklisting Static Rating Databases:

    • Last Upgrade Status

    • Path

      • Database Status

      • Number of URLs in DB

      • Type

      • Version

      • Creation Time

      • Hostname

      • Comment

      • Last Access Time

      • Last Modification Time

      • Last Status Change Time

show user-plane-service url-blacklisting database url database_directory_path

The following fields are displayed in support of this feature:

  • URL Blacklisting Static Rating Databases:

    • Last Upgrade Status

    • Path

      • Database Status

      • Number of URLs in DB

      • Type

      • Version

      • Creation Time

      • Hostname

      • Comment

      • Last Access Time

      • Last Modification Time

      • Last Status Change Time

show user-plane-service url-blacklisting database facility sessmgr all

The following fields are displayed in support of this feature:

  • URL-Blacklisting SessMgr Instance Based Database Configuration

    • SessMgr Instance

    • BL DB Load Status

    • BL DB Version

    • Number of URLs

    • Checksum

show user-plane-service inline-services info

The following fields are displayed in support of this feature:

  • URL-Blacklisting: Enabled

    • URL-Blacklisting Match-method: Generic

show user-plane-service rulebase name rulebase_name

The following fields are displayed in support of this feature:

  • URL-Blacklisting Action

  • URL-Blacklisting Content ID

show user-plane-service inline-services url-blacklisting statistics

The following are displayed in support of this feature:

  • Cumulative URL-Blacklisting Statistics

    • Blacklisting URL hits

    • Blacklisting URL misses

    • Total rulebases matched

show user-plane-service inline-services url-blacklisting statistics rulebase name rulebase_name

The following fields are displayed in support of this feature:

  • Rulebase Name

    • URL-Blacklisting Statistics

    • Blacklisted URL hits

    • Blacklisted URL misses

  • Total rulebases matched

Bulk Statistics

The following bulk statistics are added to the System schema in support of URL Blacklisting feature:

  • url-blacklisting-hits: Indicated the total number of URLs blacklisted.

  • url-blacklisting-misses: Indicated the total number blacklisted URLs missed.

SNMP Traps

The following SNMP trap are added in support of this feature:

  • BLDBError: Specifies the blacklisting OPTBLDB file error displayed with an error code.

  • BLDBErrorClear: Specifies the blacklisting OPTBLDB file error removed.

  • BLDBUpgradeError: Specifies the blacklisting OPTBLDB file error displayed with an error code.

  • BLDBUpgradeErrorClear: Specifies the Blacklisting OPTBLDB file error removed.