13.2 Setting Up an HTTP Filter

You can set up an HTTP filter on your server's public interface to filter HTTP packets in the inbound or outbound direction. An inbound HTTP filter might be required to allow public access to specific Web servers in your private network. An outbound HTTP filter might be required to allow certain users to bypass proxy services and connect directly to origin Web servers.

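This section contains the following tasks:

  • Setting Up a Stateful HTTP Filter

  • Setting Up Static Filters for HTTP

13.2.1 Setting Up a Stateful HTTP Filter

To set up a stateful HTTP filter, complete the following steps: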

  1. Select Configure TCP/IP Filters > Packet Forwarding Filters, then click Exceptions.

  2. Press Ins to define a new exception.

  3. If you are creating an inbound exception, complete the following:

    1. Specify All Interfaces for the Source Interface parameter.

    2. Specify the server's public interface for the Destination Interface parameter.

    3. Press Enter for Packet Type, then select www-http-st.

      The www-http-st packet type is for HTTP over TCP. This packet type will not work for HTTP over UDP.

    4. If you want the server to forward HTTP packets only from certain public hosts, specify Host or Network for the Src Addr Type parameter, then specify the IP address for the Src IP Address parameter; otherwise, leave the setting for Src Addr Type as Any Address.

    5. If you want the server to forward HTTP packets only addressed to certain private hosts, specify Host or Network for the Dest Addr Type parameter, then specify the IP address for the Dest IP Address parameter; otherwise, leave the setting for Dest Addr Type as Any Address.

    6. Press Esc, then select Yes to save the filter.

  4. If you are creating an outbound exception, complete the following:

    1. Specify the server's private interface for the Source Interface parameter.

    2. Specify the server's public interface for the Destination Interface parameter.

    3. Press Enter for Packet Type, then select www-http-st.

    4. If you want the server to forward HTTP packets only from certain private hosts, specify Host or Network for the Src Addr Type parameter, then specify the IP address for the Src IP Address parameter; otherwise, leave the setting for Src Addr Type as Any Address.

    5. If you want the server to forward HTTP packets only addressed to certain public hosts, specify Host or Network for the Dest Addr Type parameter, then specify the IP address for the Dest IP Address parameter; otherwise, leave the setting for Dest Addr Type as Any Address.

    6. Press Esc, then select Yes to save the filter.

IMPORTANT: The outbound stateful HTTP filter does not allow packets for Domain Name System (DNS) name resolution to be forwarded to a DNS server on the public network. DNS names in URLs cannot be resolved unless you set up a DNS filter.

13.2.2 Setting Up Static Filters for HTTP

If you do not want to configure a stateful HTTP exception, you can create static filters instead. In the direction that HTTP requests will be sent, create one or both of the following static packet filter exceptions:

  • www-http (for HTTP over TCP)

  • www-http/udp (for HTTP over UDP)

Most browsers are configured to use HTTP over TCP, but they can also use HTTP over UDP. If you support browsers using HTTP over UDP, you should create both filters.

In the direction that HTTP responses will be sent, create one or both of the following static packet filter exceptions:

  • dynamic/tcp (for HTTP over TCP)

  • dynamic/udp (for HTTP over UDP)

The exceptions you create depend on which exceptions you created for the opposite direction of packet flow. If you have created exceptions for both www-http and www-http/udp, you should create filter exceptions for both dynamic/tcp and dynamic/udp. The dynamic port range is 1024 to 65,535.

IMPORTANT: These filters do not allow packets for DNS name resolution to be forwarded.
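The following added example (a simplified Python model, not the product's filter engine or code from this guide) compares an outbound stateful HTTP exception with the static pair of www-http outbound plus dynamic/tcp inbound. It assumes dynamic/tcp matches on destination port alone and that the stateful exception admits only replies to connections it has seen; the addresses and packets are constructed samples.

```python
from dataclasses import dataclass

DYNAMIC_PORTS = range(1024, 65536)  # dynamic port range given in 13.2.2

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    direction: str  # "out" = private -> public, "in" = public -> private
    src: str
    sport: int
    dst: str
    dport: int

def static_allows(pkt):
    """Static pair: www-http outbound, dynamic/tcp inbound (assumed: dest port only)."""
    if pkt.proto != "tcp":
        return False
    if pkt.direction == "out":
        return pkt.dport == 80
    return pkt.dport in DYNAMIC_PORTS

class StatefulHttp:
    """Simplified model of one outbound stateful HTTP exception (www-http-st)."""
    def __init__(self):
        self.flows = set()  # connections opened from the private side

    def allows(self, pkt):
        if pkt.proto != "tcp":
            return False
        if pkt.direction == "out":
            if pkt.dport != 80:
                return False
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound traffic passes only as the reverse of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed sample traffic (documentation address ranges).
SAMPLES = [
    ("request", Packet("tcp", "out", "10.0.0.5", 40000, "203.0.113.10", 80)),
    ("reply", Packet("tcp", "in", "203.0.113.10", 80, "10.0.0.5", 40000)),
    ("unsolicited", Packet("tcp", "in", "198.51.100.7", 5000, "10.0.0.5", 8080)),
    ("dns_query", Packet("udp", "out", "10.0.0.5", 40001, "203.0.113.53", 53)),
]

def evaluate():
    """Return {name: (static_verdict, stateful_verdict)} for the sample packets."""
    stateful = StatefulHttp()
    return {name: (static_allows(p), stateful.allows(p)) for name, p in SAMPLES}
```

In this model the static pair forwards the unsolicited inbound packet because its destination port is in the dynamic range, while the stateful exception drops it; both drop the DNS query, which is why a separate DNS filter is needed.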