< Home

http x-online-host check

Function

The http x-online-host check command enables detection of the X-Online-Host field in HTTP packets.

The undo http x-online-host check command disables detection of the X-Online-Host field in HTTP packets.

Format

http x-online-host check { any | blacklist | multiple } action { alert | block }

undo http x-online-host check

Parameters

Parameter Description Value

any

When an HTTP packet contains the X-Online-Host field, an anomaly is detected.

-

blacklist

Detects whether the domain name or IP address in an X-Online-Host field matches the blacklist. If yes, an anomaly is detected.

-

multiple

When an HTTP packet contains two or more X-Online-Host fields, an anomaly is detected.

-

action

Specifies the action.

-

alert

When the X-Online-Host field in an HTTP packet is abnormal, the packet is permitted, and a log is recorded.

-

block

When the X-Online-Host field in an HTTP packet is abnormal, the packet is blocked, and a log is recorded.

-

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

If you have configured the detection of whether the domain name or IP address in the X-Online-Host field matches a blacklist (blacklist), you need also to run the http x-online-host blacklist command to configure such a blacklist.

By default, this function is disabled.

Example

# In IPS profile profile1, enable detection of the X-Online-Host field in HTTP packets and set the action to block if the packets contain such a field.

<sysname> system-view
[sysname] profile type ips name profile1
[sysname-profile-ips-profile1] http x-online-host check any action block
Parent Topic: Intrusion Prevention Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >