Abstract
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall device maintains a policy database including multiple policies. The policies include information regarding an action to take with respect to a network session based on a set of source Internet Protocol (IP) addresses, a set of destination IP addresses and/or a network service protocol. When the action is to allow the network session, the policy also includes information regarding a configuration scheme defining administrator-configurable content filtering processes to be performed on traffic associated with the network session. Policy-based content filtering is performed by the firewall device by (i) identifying a matching policy for the network session at issue; (ii) identifying multiple content filtering processes to be performed on the traffic based on the configuration scheme associated with the matching policy; and (iii) applying the identified content filtering processes on the traffic.
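Steps (i) to (iii) above, as an added Python sketch that is not taken from the patent. First-match policy ordering, default deny when no policy matches, the two filter functions and all sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Hypothetical content filters: return True when the payload must be blocked.
def keyword_filter(payload: bytes) -> bool:
    return b"forbidden" in payload.lower()

def exe_filter(payload: bytes) -> bool:
    return payload.startswith(b"MZ")  # Windows PE header magic

FILTERS = {"keyword": keyword_filter, "exe": exe_filter}

@dataclass
class Policy:
    src: list          # set of source networks (CIDR strings)
    dst: list          # set of destination networks (CIDR strings)
    service: str       # network service protocol, or "any"
    action: str        # "allow" or "deny"
    scheme: list = field(default_factory=list)  # configuration scheme: filter names

    def matches(self, src_ip, dst_ip, service):
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        return (any(s in ipaddress.ip_network(n) for n in self.src)
                and any(d in ipaddress.ip_network(n) for n in self.dst)
                and self.service in ("any", service))

# Constructed sample policy database.
POLICIES = [
    Policy(["10.1.0.0/16"], ["0.0.0.0/0"], "http", "allow", ["keyword", "exe"]),
    Policy(["10.1.0.0/16"], ["0.0.0.0/0"], "smtp", "allow", ["exe"]),
    Policy(["10.2.0.0/16"], ["0.0.0.0/0"], "any", "deny"),
]

def process(policies, src_ip, dst_ip, service, payload):
    # (i) identify the matching policy (assumption: first match wins)
    policy = next((p for p in policies if p.matches(src_ip, dst_ip, service)), None)
    if policy is None or policy.action != "allow":
        return ("deny", None)  # assumption: default deny when nothing matches
    # (ii) the policy's configuration scheme selects the filters to run
    for name in policy.scheme:
        # (iii) apply each selected filter to the session traffic
        if FILTERS[name](payload):
            return ("block", name)
    return ("pass", None)
```

The same payload can pass under one policy and be blocked under another, because the filter set is attached to the matched policy rather than applied globally.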