Cisco Web Security Appliance S160 User Guide

Cisco IronPort AsyncOS 7.5 for Web User Guide
 
Chapter 16 Notifying End Users
End-User Acknowledgement Page
Consider the following rules and guidelines when enabling the end-user acknowledgement page:
  • When a user is tracked by IP address, the appliance uses the shorter of the maximum time interval and the maximum IP address idle timeout to determine when to display the end-user acknowledgement page again.
Table 16-5 End-User Acknowledgement Page Settings

Setting: Surrogate Type
Description: The Surrogate Type determines which method the Web Proxy uses to track the user:
  • IP Address. If you select IP Address, the Web Proxy allows the user at that IP address to use any web browser or non-browser HTTP process to access the web once the user clicks the link on the end-user acknowledgement page. Tracking the user by IP address allows the user to access the web until the Web Proxy displays a new end-user acknowledgement page due to inactivity or the configured time interval for new acknowledgements. Unlike tracking by a session cookie, tracking by IP address allows the user to open multiple web browser applications without having to agree to the end-user acknowledgement again unless the configured time interval has expired.
    Note: When IP address is configured and the user is authenticated, the Web Proxy tracks users by username instead of IP address.
  • Session Cookie. If you select Session Cookie, the Web Proxy sends the user’s web browser a cookie when the user clicks the link on the end-user acknowledgement page and uses the cookie to track their session. Users can continue to access the web using their web browser until the Time Between Acknowledgements value expires, they have been inactive longer than the allotted time, or they close their web browser. You might want to use session cookies to prevent non-browser HTTP client applications, such as malware clients, from accessing the web without the end user’s knowledge.
    If the user is using a non-browser HTTP client application, they must be able to click the link on the end-user acknowledgement page to access the web. If the user opens a second web browser application, the user must go through the end-user acknowledgement process again in order for the Web Proxy to send a session cookie to the second web browser.
    Note: Using a session cookie to track users when the client accesses HTTPS sites or FTP servers using FTP over HTTP does not work. For more information on working around these issues, see

Setting: Custom message
Description: The custom message is text you enter that appears on every end-user acknowledgement page. You can include some simple HTML tags to format the text. For example, you can change the color and size of the text, or make it italicized. See for more information.
    Note: You can only include a custom message when you configure the end-user acknowledgement page in the web interface, not in the CLI.
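
The difference between the two Surrogate Type options can be seen in a small model. This is an added example, not Cisco code and not the appliance's implementation; the class, field and function names are hypothetical, the request values are constructed, and it assumes that whichever of the two time limits is reached first ends the acknowledgement.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class AckTracker:
    """Simplified model of acknowledgement tracking (not the appliance's logic)."""
    surrogate: str            # "ip" or "cookie" (Surrogate Type)
    time_between_acks: int    # seconds; hypothetical field name
    inactivity_timeout: int   # seconds; hypothetical field name
    _seen: dict = field(default_factory=dict)   # key -> [acked_at, last_seen]

    def _key(self, req):
        if self.surrogate == "cookie":
            return ("cookie", req.get("cookie"))   # None when no cookie is sent
        if req.get("user"):                        # authenticated: track by username
            return ("user", req["user"])
        return ("ip", req["ip"])

    def acknowledge(self, req, now):
        """The user clicked the link; returns the session cookie, if any."""
        cookie = secrets.token_hex(8) if self.surrogate == "cookie" else None
        self._seen[self._key(dict(req, cookie=cookie))] = [now, now]
        return cookie

    def needs_ack(self, req, now):
        """True if the acknowledgement page must be shown for this request."""
        key = self._key(req)
        entry = self._seen.get(key)
        if key[1] is None or entry is None:
            return True
        acked_at, last_seen = entry
        # Assumption: whichever limit is reached first ends the acknowledgement.
        if (now - acked_at >= self.time_between_acks
                or now - last_seen >= self.inactivity_timeout):
            del self._seen[key]
            return True
        entry[1] = now
        return False

# Constructed scenario: a browser acknowledges, then a second client on the
# same IP address (for example a non-browser HTTP process) sends a request.
def second_client_allowed(surrogate):
    t = AckTracker(surrogate, time_between_acks=3600, inactivity_timeout=600)
    t.acknowledge({"ip": "192.0.2.10"}, now=0)
    return not t.needs_ack({"ip": "192.0.2.10"}, now=60)
```

With the IP Address surrogate the second client is allowed through on the first client's acknowledgement; with the Session Cookie surrogate it is not, because it presents no cookie.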