Cisco Cisco Web Security Appliance S390 Betriebsanweisung
158
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
Figure 8-3 Applying Access Policy Actions
Is the URL category of the request URL in the Access Policy
group’s list of custom URL categories?
No
Yes, action
is Block.
is Block.
Allow the connection.
Is the request on a blocked HTTP CONNECT port?
No, continue to monitor.
Yes
Block the connection.
Is the URL category of the request URL in the Access Policy
group’s list of predefined URL categories?
No, or Yes, action
is Monitor.
is Monitor.
Is the request coming from a blocked custom user agent?
No, continue to monitor.
Yes
Is the request using a blocked protocol?
No, continue to monitor.
Yes
Does the reputation score of the destination server indicate
to block or scan the connection?
Yes, action is Scan.
Does the malware scanning verdict based on the URL
request indicate to block the connection request?
No, continue to monitor.
Yes
No
Does the malware scanning verdict based on the response
indicate to block the response?
No
Yes
Fetch the response from the server or cache.
Is the response a blocked MIME type?
No
Yes
Does the reputation score of the destination server indicate
to allow the connection?
No
Yes
Is the response size larger than the maximum allowed?
No
Yes
Yes, action
is Allow.
is Allow.
Redirect the connection.
Receive request from client.
Is the request coming from a blocked suspect user agent?
No, continue to monitor.
Yes
Did the user
accept the
warning?
Yes, action
is Block.
is Block.
Yes, action
is Warn.
is Warn.
Yes, action
is Block.
is Block.
Yes, action
is Warn.
is Warn.
Yes
No
Yes, action
is Redirect.
is Redirect.
Yes, action is Monitor