Cisco Cisco Web Security Appliance S390 Betriebsanweisung
M A T C H I N G C L I E N T R E Q U E S T S T O A C C E S S P O L I C Y G R O U P S
C H A P T E R 8 : A C C E S S P O L I C I E S
153
Figure 8-1 Policy Group Flow Diagram for Access Policies
Receive request from client.
Apply the Access Policy group settings to the client request.
No
Is the client subnet in the policy group’s list of subnet(s) in the Advanced section?
Yes
Is the transaction assigned to one of the policy group’s configured Identities, or does
the policy group use “All Identities”?
Yes, or none defined
Yes, or none defined
Is the URL category of the request URL in the policy group’s list of URL categories
in the Advanced section?
Yes, or none defined
Is the proxy port in the policy group’s list of ports in the Advanced section?
No
No
No
Compare the client request against the next (or first) policy group in the policies table.
No
Yes
No
Is the current policy group the global policy?
Yes
No
Yes, or none defined
Is the user agent in the policy group’s list of user agents in the Advanced section?
Yes, or no time range defined
Is the current time in the policy group’s configured time range in the Advanced section?
No
Is the user one of the authorized users listed in the policy group?
(List of authorized users can be a list of user names, user groups, all authenticated
users, guest users, or All Users. If the policy group only uses Identities with no
authentication, then all clients are authorized.)
No
Is the protocol in the policy group’s list of protocol(s) in the Advanced section?
Yes, or none defined