Cisco Cisco Web Security Appliance S670 User Guide
5-39
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 5 Web Proxy Services
Advanced Proxy Configuration
Would you like to permit
tunneling of non-http
requests on http ports?
tunneling of non-http
requests on http ports?
Yes, No
(Boolean)
Yes
No
Choose whether or not to allow
non-HTTP traffic on ports the Web
Proxy is configured to monitor, such
as port 80. This option applies when
the Web Proxy is in transparent
mode.
non-HTTP traffic on ports the Web
Proxy is configured to monitor, such
as port 80. This option applies when
the Web Proxy is in transparent
mode.
Enabling this option blocks
applications that attempt to tunnel
non-HTTP traffic on ports typically
used for HTTP traffic.
applications that attempt to tunnel
non-HTTP traffic on ports typically
used for HTTP traffic.
Note
When a transaction is
blocked due to this setting,
the ACL decision tag for the
transaction is logged as
BLOCK_ADMIN_TUNNEL
ING.
blocked due to this setting,
the ACL decision tag for the
transaction is logged as
BLOCK_ADMIN_TUNNEL
ING.
Would you like to block
tunneling of non-SSL
transactions on SSL
Ports?
tunneling of non-SSL
transactions on SSL
Ports?
Yes, No
(Boolean)
No
No
Choose whether or not the Web
Proxy should block non-SSL traffic
on SSL ports.
Proxy should block non-SSL traffic
on SSL ports.
By default (when this feature is
disabled), when a client seeks to
connect to server on a configured
SSL port and the SSL handshake
with the server fails, the Web Proxy
tunnels the transaction.
disabled), when a client seeks to
connect to server on a configured
SSL port and the SSL handshake
with the server fails, the Web Proxy
tunnels the transaction.
Would you like proxy to
log values from
X-Forwarded-For
headers in place of
incoming connection IP
addresses?
log values from
X-Forwarded-For
headers in place of
incoming connection IP
addresses?
Yes, No
(Boolean)
No
No
Choose whether or not the access
logs should include the
X-Forwarded-For header value
instead of the IP address of the
incoming connection.
logs should include the
X-Forwarded-For header value
instead of the IP address of the
incoming connection.
Table 5-15
advancedproxyconfig CLI Command—Miscellaneous Options (continued)
Option
Valid
Values
Values
Default
Value
Value
Web Proxy
Must Restart
Must Restart
Description