Content Filtering Service Configuration


Content Filtering Service Configuration
This chapter describes how to configure content filtering support with ECS.
In this chapter, only the minimum set of configurations required to make the system operational with content filtering services are provided. Additional configuration commands specific to the content filtering service are available in the Command Line Interface Reference.
The following topics are described in this chapter:
l
l
l
l
l
l
l
l
l
Configuring the System for Content Filtering Support
This section lists the high-level steps to configure a system with Content Filtering service in conjunction with the Enhanced Charging Services.
*CAUTION: Before proceeding with the configuration, refer the Additional Requirements on Chassis for Content Filtering section of the Content Filtering Support Overview chapter for the minimum system requirements. If the system has less than two PACs/PSCs, Content Filtering service cannot be activated on the system.
To configure the system for Content Filtering service:
1
2
l
–and/or–
l
3
Initial Configuration
1
2
3
4
Create the service within the newly created context by applying the example configuration in the Service Configuration chapter of the ST-series System Administration Guide.
Activating PACs
The following example activates two PACs, placing one in “active” mode and labeling the other as redundant:
configure
card slot_number
redundancy card-mode
exit
card slot_number
mode active pac
end
Modifying the Local Context
The following example sets the default subscriber in the local context:
configure
context local
interface local_ctx_iface_name
ip address ip_address ip_mask
exit
server ftpd
exit
server telnetd
exit
subscriber default
exit
administrator name encrypted password password ftp
ip route ip_addr ip_mask next_hop_addr local_ctx_iface_name
exit
port ethernet slot#/port#
no shutdown
bind interface local_ctx_iface_name local
exit
end
Creating the VPN Context
The following example creates the VPN context and interface and binds the VPN interface to a configured Ethernet port.
configure
context vpn_context_name -noconfirm
interface vpn_interface_name
ip address ip_address ip_mask
exit
subscriber default
exit
ip route 0.0.0.0 0.0.0.0 next_hop_address vpn_interface_name
exit
port ethernet slot_number/port_number
no shutdown
bind interface vpn_interface_name vpn_context_name
end
URL Blacklisting Configuration
This section describes steps to configure the system for URL Blacklisting support.
1
2
3
4
5
Enabling ACS Subsystem
Use the following configuration to enable the Active Charging Service subsystem for URL Blacklisting:
configure
require active-charging
end
Configuring URL Blacklisting Database Parameters
Use the following configuration to configure URL Blacklisting database parameters:
configure
url-blacklisting database directory path <directory_path>
url-blacklisting database max-versions <max_versions>
url-blacklisting database override file <file.extension>
end
Creating Active Charging Service and Setting URL Blacklisting Matching
Use the following configuration to create the Active Charging Service and set URL Blacklisting match:
configure
active-charging service <service_name> [ -noconfirm ]
url-blacklisting match-method { exact | generic }
end
Enabling URL Blacklisting in Rulebase and Configuring Blacklisting Action
Use the following configuration to enable URL Blacklisting in a rulebase and configure the blacklisting action:
configure
active-charging service <service_name>
rulebase <rulebase_name> [ -noconfirm ]
url-blacklisting action { discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> }
end
Loading/Upgrading URL Blacklisting Database
Use the following command to load/upgrade the URL Blacklisting database:
upgrade url-blacklisting database [ -noconfirm ]
Testing URL Blacklisting Functionality
The URL Blacklisting functionality can be tested by appending test URLs/URIs to the blacklist file. The test URLs/URIs must be added to the testurldb.pub file in the <WEM_Install_Dir>/flash/blacklist/testurldb directory.
The testurldb.pub file must have one URL per line without space. If space is included in the URL entries, the WEM ignores the URLs with space.
Category-based Content Filtering Configuration
This section describes the steps to configure the system for Category-based Content Filtering support.
1
Enable the Enhanced Charging mode for Category-based Static or Category-based Static-and-Dynamic Content Filtering by applying the example configuration in the Enabling ACS Subsystem section.
2
Configure the global parameters like database path and version for Content Filtering service by applying the example configuration in the Configuring Content Rating Rule Database Parameters section. This is an optional step. In case this configuration is not performed, the default values will be used.
3
4
5
Optional. Create billing and charging actions by applying the example configuration in the Configuring Enhanced Charging Services chapter of the Enhanced Charging Services Configuration Guide.
6
Optional. Define rule definitions by applying the example configuration in the Configuring Enhanced Charging Services chapter of the Enhanced Charging Services Configuration Guide.
7
Create and configure the rulebases by applying the example configuration in the Configuring Rulebase for Content Filtering section. For more information on rulebase configuration, refer to the ECS Configuration in Enhanced Charging Services Configuration Guide.
8
9
Enabling ACS Subsystem
Use the following configuration to enable the ACS subsystem with Category-based Static or Category-based Static-and-Dynamic Content Filtering:
configure
require active-charging content-filtering category [ static-and-dynamic ]
end
Notes:
l
require active-charging content-filtering category
l
require active-charging content-filtering category static-and-dynamic
Configuring Content Rating Rule Database Parameters
Use the following configuration to configure Content Rating Rule database parameters:
configure
content-filtering category database directory path <directory_path>
content-filtering category database max-versions <max_versions>
content-filtering category database override file <file.extension>
end
upgrade content-filtering category { database | rater-pkg }
Notes:
l
upgrade content-filtering category rater-pkg
Creating Active Charging Service and Content Filtering Policy
Use the following configuration to create the Active Charging Service and Content Filtering Policy:
configure
active-charging service <service_name> [ -noconfirm ]
content-filtering category policy-id <cf_policy_id> [ description <description> ] [ -noconfirm ]
end
Configuring Content Filtering Policy
Use the following configuration to configure the content filtering policy:
configure
active-charging service <service_name>
content-filtering category policy-id <cf_policy_id>
analyze priority <priority> { all | category <category> | x-category <x-category> } action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]
failure-action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]
end
Notes:
l
analyze priority <priority> x-category <x-category> action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]
l
To configure the action to take for any match, and the default action to take when the category returned after rating is not configured in the subscriber’s content filtering policy, use the following command:
analyze priority <priority> all action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]
Configuring Rulebase for Content Filtering
Use the following configuration to configure the rulebase:
configure
active-charging service <service_name>
rulebase <rulebase_name>
route priority <route_priority> ruledef <ruledef_name> analyzer <analyzer_name> [ description <description> ]
action priority <priority> { [ dynamic-only | static-and-dynamic ] { group-of-ruledefs <group_name> | ruledef <ruledef_name> } charging-action <charging_action_name> [ description <description> ] }
flow end-condition content-filtering edr <edr_format_name>
billing-records { egcdr | radius | udr udr-format <format_name> }+
content-filtering category policy-id <cf_policy_id>
content-filtering mode category { static-only | static-and-dynamic }
end
Notes:
l
content-filtering mode category static-and-dynamic
l
Before enabling static-and-dynamic rating in the rulebase, it must be enabled at the global level as the resources required for dynamic rating are allocated at the global level. To enable static-and-dynamic rating at the global level, in the Global Configuration Mode, use the following command:
require active-charging content-filtering category static-and-dynamic
Enabling Category-based Content Filtering Support
APN Configuration
Use the following configuration to apply Content Filtering configuration to an APN through policy identifier:
configure
context <context_name>
apn <apn_name>
content-filtering category policy-id <cf_policy_id>
end
Subscriber Configuration
Use the following configuration to apply Content Filtering configuration to a subscriber through policy identifier:
configure
context <context_name>
subscriber name <user_name>
content-filtering category policy-id <cf_policy_id>
end
 
*IMPORTANT: Category Policy ID applied to APN or subscriber in this mode overrides the Category Policy ID configured using the “content-filtering category policy-id cf_policy_id” command in the Configuring Rulebase for Content Filtering section.
Configuring Event Detail Record (EDR)
This section describes how to configure Category-based Content Filtering EDR settings. The system does not generate URL Blacklisting specific EDRs.
To configure Category-based Content Filtering EDR settings:
1
2
3
Optional. Enable charging record retrieval by applying the example configuration in the Charging Record Retrieval section of ECS Configuration Guide.
EDR Module Configuration
Use the following configuration to enable EDR module and configure the file for EDR generation in Content Filtering services:
configure
context <context_name>
edr-module active-charging-service
file [ edr-format-name ] [ name <file_name> ] +
end
Notes:
l
For more information on keywords/options available with the file command, refer to the EDR Module Configuration Mode Commands chapter in the Command Line Interface Reference.
EDR Attribute Configuration
Use the following configuration to configure attributes and rule-variables for EDRs for Content Filtering services:
configure
active-charging service <service_name>
edr-format <edr_format_name>
attribute <attribute> priority <priority>
rule-variable <protocol> <rule> priority <priority>
end
Notes:
l
For more information on options available with attribute and rule-variable commands, refer to the EDR Format Configuration Mode Commands chapter of the Command Line Interface Reference.
Saving the Configuration
To save the changes made to the system configuration for Content Filtering service, refer to the Saving Your Configuration chapter.
Verifying the Configuration
This section describes how to review the configurations after saving them in a .cfg file as described in the Saving Your Configuration chapter, and to retrieve errors and warnings within an active configuration for a service.
Viewing System Configuration
Use the following configuration to view the active configuration for a service:
configure
context <context_name>
end
show configuration
Viewing Service Configuration Errors
Use the following configuration to view the errors in configuration for a service:
configure
context <context_name>
end
show configuration errors verbose
This command also shows the ambiguities in configurations with Content Filtering service, category, and rulebase configuration. Warnings/errors are displayed in the following scenarios:
l
Warning: When “require active-charging content-filtering category” CLI command is not activated and any Content Filtering configurations are done
l
l
l
l
l
l
l
l
l
Gathering Statistics
This section explains how to gather statistics and configuration information for:
l
l
URL Blacklisting Statistics
This section explains how to gather URL Blacklisting statistics and configuration information.
In the following table, the first column lists what statistics to gather, the second column lists the action to perform, and the third column describes what information is displayed or what information to look for in the resulting output.
 
To view URL Blacklisting statistics, optionally for rulebase(s).
show active-charging url-blacklisting statistics [ rulebase { all | name rulebase_name } ] [ verbose ] [ | { grep grep_options | more } ]
To view URL Blacklisting static database configuration.
show url-blacklisting database [ all | url url | facility acsmgr { all | instance instance } ] [ | { grep grep_options | more } ]
To view total Blacklisting URL hits and misses statistics, optionally for rulebase(s) or specific ACS instance.
show active-charging subsystem { all | facility acsmgr [ all | instance instance ] | full } | [ rulebase name rulebase_name ] | [ | { grep grep_options | more } ]
To view information for rulebase(s) configured in a system or service.
show active-charging rulebase { all [ service name svc_name ] | name rulebase_name [ service name svc_name ] | statistics [ name rulebase_name ] } | [ | { grep grep_options | more } ]
Category-based Content Filtering Statistics
This section explains how to gather Category-based Content Filtering statistics and configuration information.
In the following table, the first column lists what statistics to gather, the second column lists the action to perform, and the third column describes what information is displayed or what information to look for in the resulting output.
*IMPORTANT: For more information on Content Filtering statistics collection, refer to the Exec Mode Commands chapter of the Command Line Interface Reference.
 
To view Category-based Content Filtering database statistics/configuration.
show content-filtering category database [ active | all | facility srdbmgr { all | instance instance } | url url_string ] [ verbose ] [ | { grep grep_options | more } ]
To view Category-based Content Filtering category statistics.
show content-filtering category statistics [ facility srdbmgr { all | instance instance } ] [ | { grep grep_options | more } ]
To view information of a database URL for Category-based Content Filtering application in a service
show content-filtering category url url_string [ policy-id cf_policy_id | rulebase rulebase_name ] [ verbose ] [ | { grep grep_options | more } ]
To view Content Filtering Server Group (CFSG) details configured in the service.
show content-filtering server-group [ statistics ] [ name cfsg_name ] [ | { grep grep_options | more } ]
To view Category-based Content Filtering category policy definitions
show active-charging content-filtering category policy-id { all | id policy_id } [ | { grep grep_options | more } ]
To view Category-based Content Filtering statistics, optionally for rulebase(s).
show active-charging content-filtering category statistics [ rulebase { name rulebase_name | all } ] [ verbose ] [ | { grep grep_options | more } ]
To view details of Content Filtering Server Group (CFSG) configured in the service.
show active-charging content-filtering server-group [ statistics [ verbose ] ] [ name cfsg_name ] [ | { grep grep_options | more } ]
To view information for rulebase(s) configured in a system or service.
show active-charging rulebase { all [ service name svc_name ] | name rulebase_name [ service name svc_name ] | statistics [ name rulebase_name ] } | [ | { grep grep_options | more } ]
Supported Bulk Statistics
For information on bulk statistics configuration and collection, and the list of bulk statistics for the Content Filtering service, refer to the Bulk Statistics Configuration Mode Commands chapter of the Command Line Interface Reference.
Supported Thresholds and SNMP Traps
For information on the SNMP traps and thresholds for the Content Filtering service, see the Content Filtering Application MIB chapter of the SNMP MIB Reference.
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883