Custom Header Screen

From SonicOS 6.5.1 and later, you can configure the firewall as a web proxy server to control web service, such as preventing users from signing in to some web services using any accounts other than the accounts provided, or restricting the content viewable by users. The web proxy server adds a custom header to all traffic matched by the Content Filtering policy, and the header identifies the domains whose users can access the web services or the content that users can access. Encrypted HTTPS traffic is supported if DPI-SSL is enabled.

Before configuring the Custom Header, make sure that:

• Content Filter Service is enabled.
• Custom header insertion is enabled in the matched CFS profile object.
• DPI-SSL is enabled for custom header insertion with encrypted HTTPS requests.

To configure a CFS custom header and enable custom header insertion

1. Navigate to OBJECT | Profile Objects > Content Filter.
2. Click the Add icon.
3. Click Custom Header tab to display the Custom Header Insertion options.

4. Enable Custom Header Insertion option.

   

5. Click Add icon to configure the Domain, Key, and Value for the custom header entry.

   

   Domain is used to check if the host in an HTTP request is matched to an entry during packet handling. Key and Value are used to generate the right header for the entry when building runtime data for custom header insertion.

   Make sure that the Domain follows the conditions listed below:

   • Each domain name can contain up to 16 tokens separated by periods (.).
   • The domain name cannot start or end with separators.
   • Each token can contain up to 128 printable ASCII characters.
   • Tokens in a domain name can only contain the characters: 0-9a-zA-z$-_+!’(),.
   • IPv4/IPv6 addresses can be defined as a domain name, e.g. [2001:2002:2003::2005:2006].
6. Click Save.