Analysis of application-layer filtering policies with application to HTTP