Configuring Web Reputation
This section describes how to configure the Web reputation feature.
Adding User-Defined Credible/Suspicious Websites
You can add websites with high reputation as user-defined credible websites and websites with low reputation as user-defined suspicious websites.
- Access the system view.
- Enable the Web reputation function.
file-frame web-reputation enable
The Web reputation function is disabled by default. Contents related to Web reputation can be configured or checked only after the Web reputation function is enabled.
- Add user-defined suspicious websites.
file-frame web-reputation add black-host host-text
The value is a string of 1 to 255 characters, without special character slash (/), back slash (\), number sign (#), double quotation mark ("), question mark (?), or space.
The domain names in the user-defined suspicious website list are the domain names of predefined websites and unknown websites in general. One of the functions of the user-defined suspicious website list is to change the category of predefined credible websites because the contents of the preset Web reputation library cannot be changed. You can add an predefined website to the user-defined suspicious website list if the website is recognized as a suspicious website.
- Add user-defined credible websites.
file-frame web-reputation add white-host host-text
The value is a string of 1 to 255 characters, without special character slash (/), back slash (\), number sign (#), double quotation mark ("), question mark (?), or space.
The domain names in the user-defined credible website list are the domain names of unknown websites in general. You can add a unknown website to the user-defined credible website list if the website is recognized as credible.
Add unknown websites as user-defined credible websites with cautions. Do not add a website to the user-defined website list unless the security of the website can be ensured.
- Commit the configurations for compilation.
After you configure Web reputation function/user-Defined credible/suspicious websites, the configurations do not take effect until you run the engine configuration commit command to commit them. To save time, you can submit the configuration after all operations on the profile and global configurations are complete.
Checking User-Defined Credible/Suspicious Website List
You can query the user-defined credible/suspicious website list before modifying the category when you are not sure whether a website is a user-defined credible or suspicious website.
- Enable the Web reputation function in system view.
file-frame web-reputation enable
The Web reputation function is disabled by default. Contents related to Web reputation can be configured or checked only after the Web reputation function is enabled.
- Check the user-Defined credible/suspicious website list
in any view.
display file-frame web-reputation { black-host | white-host }
Two examples are provided as follows:
# Display the user-defined credible website list.<sysname> display file-frame web-reputation white-host File-Frame Web-Reputation WhiteHost Table -------------------------------------------------- www.example.com 1.1.1.1# Display the user-defined suspicious website list.<sysname> display file-frame web-reputation black-host File-Frame Web-Reputation BlackHost Table -------------------------------------------------- www.example.com 1.1.1.1 - Modify the category of websites.
For user-defined suspicious websites, run the undo file-frame web-reputation add black-host [ host-text ] command in the system view to delete specific or all suspicious websites.
For user-defined credible websites:
Run the undo file-frame web-reputation add white-host [ host-text ] command in the system view to delete specific or all credible websites.
Run the file-frame web-reputation add black-host host-text command in the system view to add a website to the user-defined suspicious website list.
The website is matched to a suspicious website because the matching priority of the user-defined suspicious website is higher than that of the user-defined credible website.
Querying Top N Accessed Websites
The access frequency and security of websites vary with time. Therefore, you must regularly check whether the categories of top N most accessed websites are correct, and adjust the categories or add the websites to the correct category.
- Enable the Web reputation function in system view.
file-frame web-reputation enable
The Web reputation function is disabled by default. Contents related to Web reputation can be configured or checked only after the Web reputation function is enabled.
- Check the statistics on top N most accessed domain names
in any view.
display file-frame web-reputation access-host statistics [ topn-number ]
An example is provided as follows:
# Display top 10 most accessed domain names.<sysname> display file-frame web-reputation access-host statistics 10 DLP Access Host TOPN Statistics --------------------------------------------------------------------------------------------- * TOP-N HOST * --------------------------------------------------------------------------------------------- TOP-N Host Counts Type --------------------------------------------------------------------------------------------- 1 example1 1000 white 2 example2 900 white 3 example3 800 unknown 4 example4 700 black 5 example5 600 white 6 example6 500 pre 7 example7 400 black 8 example8 300 black 9 example9 200 unknown 10 example10 100 pre ---------------------------------------------------------------------------------------------Table 1 Description of the display file-frame web-reputation access-host statistics command output Item Description DLP Access Host TOPN Statistics
Statistics of top N most accessed domain names
TOP-N HOST
Top N most accessed domain names
TOP-N
Ranking of accessed times
Host
Domain name
Counts
Counted accessed times
Type
Website categories:
- Modify the category of websites.
For predefined credible websites, run the file-frame web-reputation add black-host host-text command in the system view to add a website to the user-defined suspicious website list.
The website is matched to a suspicious website because the matching priority of the user-defined suspicious website is higher than that of the predefined credible website.
For user-defined suspicious websites, run the undo file-frame web-reputation add black-host [ host-text ] command in the system view to delete specific or all suspicious websites.
For user-defined credible websites:
Run the undo file-frame web-reputation add white-host [ host-text ] command in the system view to delete specific or all credible websites.
Run the file-frame web-reputation add black-host host-text command in the system view to add a website to the user-defined suspicious website list.
The website is matched to a suspicious website because the matching priority of the user-defined suspicious website is higher than that of the user-defined credible website.
-
Run the file-frame web-reputation add white-host host-text command in the system view to add a website to the user-defined credible website list.
Run the file-frame web-reputation add black-host host-text command in the system view to add a website to the user-defined suspicious website list.
- To count the top N most accessed websites again, run the reset file-frame web-reputation access-host statistics command in the user view to clear the statistics on accessed domain names.