Setting Up an HTTP Filter

You can set up an HTTP filter on your server's public interface to filter HTTP packets in the inbound or outbound direction. An inbound HTTP filter might be required to allow public access to specific Web servers in your private network. An outbound HTTP filter might be required to allow certain users to bypass proxy services and connect directly to origin Web servers.

This section contains the following tasks:


Setting Up a Stateful HTTP Filter

To set up a stateful HTTP filter exception:

  1. Select Configure TCP/IP Filters > Packet Forwarding Filters > Exceptions.

  2. Press Ins to define a new exception.

  3. If you are creating an inbound exception, do the following:

    1. Specify All Interfaces for the Source Interface parameter.

    2. Specify the server's public interface for the Destination Interface parameter.

    3. Press Enter for Packet Type > select www-http-st.

      NOTE:  The www-http-st packet type is for HTTP over TCP. This packet type will not work for HTTP over UDP.

    4. If you want the server to forward HTTP packets from certain public hosts only, specify Host or Network for the Src Addr Type parameter > enter the IP address for the Src IP Address parameter; otherwise, leave the setting for Src Addr Type as Any Address.

    5. If you want the server to forward HTTP packets addressed to certain private hosts only, specify Host or Network for the Dest Addr Type parameter > enter the IP address for the Dest IP Address parameter; otherwise, leave the setting for Dest Addr Type as Any Address.

    6. Press Esc > select Yes to save the filter.

  4. If you are creating an outbound exception, do the following:

    1. Specify the server's private interface for the Source Interface parameter.

    2. Specify the server's public interface for the Destination Interface parameter.

    3. Press Enter for Packet Type > select www-http-st.

    4. If you want the server to forward HTTP packets from certain private hosts only, specify Host or Network for the Src Addr Type parameter > enter the IP address for the Src IP Address parameter; otherwise, leave the setting for Src Addr Type as Any Address.

    5. If you want the server to forward HTTP packets addressed to certain public hosts only, specify Host or Network for the Dest Addr Type parameter > enter the IP address for the Dest IP Address parameter; otherwise, leave the setting for Dest Addr Type as Any Address.

    6. Press Esc > select Yes to save the filter.

    IMPORTANT:  The outbound stateful HTTP filter does not allow packets for Domain Name System (DNS) name resolution to be forwarded to a DNS server on the public network. DNS names in URLs cannot be resolved unless you set up a DNS filter.


Setting Up Static Filters for HTTP

If you do not want to configure a stateful HTTP exception, you can create static filters instead.

In the direction that HTTP requests will be sent, create one or both of the following static packet filter exceptions:

Most browsers are configured to use HTTP over TCP, but they can also use HTTP over UDP. If you support browsers using HTTP over UDP, you should create both filters.

In the direction that HTTP responses will be sent, create one or both of the following static packet filter exceptions:

The exceptions you create depend on which exceptions you created for the opposite direction of packet flow. If you created exceptions for both www-http and www-http/udp, you should create filter exceptions for both dynamic/tcp and dynamic/udp. The dynamic port range is 1024 to 65,535.

IMPORTANT:  These filters do not allow packets for DNS name resolution to be forwarded.
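
The practical difference between the stateful exception and the static exceptions can be seen in a small model, added here as an illustration and not taken from the product or its documentation. It assumes the dynamic/tcp exception matches any inbound TCP packet whose destination port is in the dynamic range; the Packet type, the function names, and the addresses are constructed for the example.

```python
from collections import namedtuple

# Constructed model; Packet, the function names and all addresses are assumptions.
Packet = namedtuple("Packet", "proto src sport dst dport direction")

HTTP_PORT = 80
DYNAMIC_PORTS = range(1024, 65536)  # dynamic port range: 1024 to 65,535

def static_forward(pkt):
    """Static exceptions: www-http for requests, dynamic/tcp for responses."""
    if pkt.proto != "tcp":
        return False  # no www-http/udp, dynamic/udp or DNS exception defined
    if pkt.direction == "out":
        return pkt.dport == HTTP_PORT
    # Assumption: the response exception matches on destination port only.
    return pkt.dport in DYNAMIC_PORTS

class StatefulFilter:
    """Outbound www-http-st exception: a reply must match a tracked request."""
    def __init__(self):
        self.flows = set()

    def forward(self, pkt):
        if pkt.proto != "tcp":
            return False  # HTTP over TCP only; DNS is not covered
        if pkt.direction == "out":
            if pkt.dport != HTTP_PORT:
                return False
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed sample traffic (documentation address ranges).
SAMPLES = [
    ("request", Packet("tcp", "10.0.0.5", 40000, "203.0.113.10", 80, "out")),
    ("reply", Packet("tcp", "203.0.113.10", 80, "10.0.0.5", 40000, "in")),
    ("unsolicited", Packet("tcp", "198.51.100.7", 80, "10.0.0.5", 5000, "in")),
    ("dns-query", Packet("udp", "10.0.0.5", 40001, "203.0.113.53", 53, "out")),
]

def compare(samples=SAMPLES):
    """Return {label: (static_result, stateful_result)} for each packet."""
    stateful = StatefulFilter()
    return {label: (static_forward(p), stateful.forward(p)) for label, p in samples}

if __name__ == "__main__":
    for label, (static, stateful) in compare().items():
        print(f"{label:12} static={static!s:5} stateful={stateful}")
```

In this model the static response exception forwards the unsolicited inbound packet because its destination port falls in the dynamic range, while the stateful filter drops it; both drop the DNS query, as the IMPORTANT notes state.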


