Cisco Web Security Appliance S360 Troubleshooting Guide

How do you block unknown applications on Cisco Web Security Appliance?
Document ID: 118486
Contributed by Khoa Nguyen and Siddharth Rajpathak, Cisco TAC Engineers.
Oct 14, 2014
Question
How do you block unknown applications on Cisco Web Security Appliance?
Note: This Knowledge Base article references software which is not maintained or supported by Cisco. The information is provided as a courtesy for your convenience. For further assistance, please contact the software vendor.
1. The first defense is to use "User Agent" strings to block such applications. Since we do not know all the user-agents for these applications, you will need to search for them on the links below.
   ♦ We can add the "User-Agent" under Web Security Manager > Access Policies > 'Protocols and User Agents' column <for the required access policy>.
   ♦ --> Add the user agent string under 'Block Custom User Agents:' (one per line).

2. If Application Visibility Controls (AVC) are enabled (under GUI > Security Services > Web Reputation and Anti-Malware), then we can block access based on application types like Proxies, File Sharing, Internet utilities. We can do this under Web Security Manager > Access Policies > 'Applications' column <for the required access policy>.

3. If the User Agent does not exist, you can attempt to add the MIME type (Example: BitTorrent applications).
   ♦ We can add "MIME" types under Web Security Manager > Web Access Policies > Objects column <for the required access policy>.
   ♦ ---> Add in the object/MIME type in the 'Block Custom MIME Types' section, like application/x-bittorrent (one per line).

4. Ensure that categories like Filter Avoidance and Illegal Activities are blocked in access policies. If some applications use known URLs or IP addresses for their connections, then we can block their associated predefined URL categories or configure them in a blocked custom URL category using their IP address, FQDN, or a regex matching the domains. We can do this under Web Security Manager > Access Policies > "URL Categories" column.

5. Some applications can use the HTTP CONNECT method to connect to different ports. Only allow known ports or specific ports needed in your environment in the HTTP CONNECT ports configuration domains.
   ♦ HTTP CONNECT can be configured under Web Security Manager > Access Policies >
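
The user-agent, MIME type, URL category and HTTP CONNECT port checks described above can be rehearsed offline to see which layer catches which kind of request. This Python model is an added example, not Cisco code or WSA configuration syntax; its matching semantics, patterns, hosts and ports are constructed assumptions (only application/x-bittorrent comes from the article), and the AVC layer is left out because it depends on the appliance's own classification.

```python
import re
from dataclasses import dataclass

# Constructed policy values; only application/x-bittorrent is taken from the article.
BLOCKED_USER_AGENTS = [r"ExampleP2PClient/\d+"]           # hypothetical UA pattern
BLOCKED_MIME_TYPES = {"application/x-bittorrent"}
BLOCKED_HOST_REGEXES = [r"(^|\.)tracker\.example\.net$"]  # hypothetical custom URL category
ALLOWED_CONNECT_PORTS = {443, 8443}                       # hypothetical CONNECT allow list

@dataclass
class Request:
    method: str
    host: str
    port: int
    user_agent: str = ""
    content_type: str = ""  # response Content-Type header, empty when unknown

def evaluate(req):
    """Return (verdict, deciding_layer), checking the layers in the article's order."""
    if any(re.search(p, req.user_agent, re.I) for p in BLOCKED_USER_AGENTS):
        return ("BLOCK", "user-agent")
    # Compare only the media type, so parameters such as "; charset=..." do not hide it.
    mime = req.content_type.split(";", 1)[0].strip().lower()
    if mime in BLOCKED_MIME_TYPES:
        return ("BLOCK", "mime-type")
    if any(re.search(p, req.host.lower()) for p in BLOCKED_HOST_REGEXES):
        return ("BLOCK", "url-category")
    if req.method.upper() == "CONNECT" and req.port not in ALLOWED_CONNECT_PORTS:
        return ("BLOCK", "connect-port")
    return ("ALLOW", None)

def coverage(requests):
    """Count decisions per layer; a layer that never fires deserves a second look."""
    counts = {}
    for req in requests:
        _, layer = evaluate(req)
        counts[layer or "allowed"] = counts.get(layer or "allowed", 0) + 1
    return counts

SAMPLE = [  # constructed sample traffic, not WSA log format
    Request("GET", "www.example.com", 80, "ExampleP2PClient/2.1"),
    Request("GET", "files.example.org", 80, "Mozilla/5.0", "Application/X-BitTorrent; q=1"),
    Request("GET", "announce.tracker.example.net", 80, "Mozilla/5.0", "text/plain"),
    Request("CONNECT", "relay.example.org", 6881, "Mozilla/5.0"),
    Request("CONNECT", "www.example.com", 443, "Mozilla/5.0"),
]

if __name__ == "__main__":
    print([evaluate(r) for r in SAMPLE], coverage(SAMPLE))
```

Requests that present a generic browser user agent are decided by the MIME type, URL category or CONNECT port layer, which is why the article treats the user-agent list as only the first defense.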