Cisco Cisco Web Security Appliance S360 User Guide
7-5
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 7 Create Decryption Policies to Control HTTPS Traffic
Decryption Policies
Controlling HTTPS Traffic
After the Web Security appliance assigns an HTTPS connection request to a Decryption Policy group,
the connection request inherits the control settings of that policy group. The control settings of the
Decryption Policy group determine whether the appliance decrypts, drops, or passes through the
connection:
the connection request inherits the control settings of that policy group. The control settings of the
Decryption Policy group determine whether the appliance decrypts, drops, or passes through the
connection:
Option
Description
URL Categories
You can configure the action to take on HTTPS requests for each predefined
and custom URL category. Click the link under the URL Filtering column for
the policy group you want to configure.
and custom URL category. Click the link under the URL Filtering column for
the policy group you want to configure.
Note
If you want to block (with end-user notification) a particular URL
category for HTTPS requests instead of drop (with no end-user
notification), choose to decrypt that URL category in the Decryption
Policy group and then choose to block the same URL category in the
Access Policy group.
category for HTTPS requests instead of drop (with no end-user
notification), choose to decrypt that URL category in the Decryption
Policy group and then choose to block the same URL category in the
Access Policy group.
Web Reputation
You can configure the action to take on HTTPS requests based on the web
reputation score of the requested server. Click the link under the Web
Reputation column for the policy group you want to configure.
reputation score of the requested server. Click the link under the Web
Reputation column for the policy group you want to configure.
Default Action
You can configure the action the appliance should take when none of the other
settings apply. Click the link under the Default Action column for the policy
group you want to configure.
settings apply. Click the link under the Default Action column for the policy
group you want to configure.
Note
The configured default action only affects the transaction when no
decision is made based on URL category or Web Reputation score. If
Web Reputation filtering is disabled, the default action applies to all
transactions that match a Monitor action in a URL category. If Web
Reputation filtering is enabled, the default action is used only if the
Monitor action is selected for sites with no score.
decision is made based on URL category or Web Reputation score. If
Web Reputation filtering is disabled, the default action applies to all
transactions that match a Monitor action in a URL category. If Web
Reputation filtering is enabled, the default action is used only if the
Monitor action is selected for sites with no score.