Cisco Cisco Web Security Appliance S690 User Guide
C H A P T E R
10-1
Cisco AsyncOS 8.0.6 for Web User Guide
10
Create Decryption Policies to Control HTTPS
Traffic
Traffic
•
•
•
•
•
Overview of Create Decryption Policies to Control HTTP Traffic
Decryption policies define the handling of HTTPS traffic within the web proxy:
•
When to decrypt HTTPS traffic.
•
How to handle requests that use invalid or revoked security certificates.
You can create decryption policies to handle HTTPS traffic in the following ways:
•
Pass through encrypted traffic
•
Decrypt traffic and apply the content-based access policies defined for HTTP traffic. This also
makes malware scanning possible.
makes malware scanning possible.
•
Drop the HTTPS connection
•
Monitor the request (take no final action) as the web proxy continues to evaluate the request against
policies that may lead to a final drop, pass through, or decrypt action.
policies that may lead to a final drop, pass through, or decrypt action.
Caution
Handle personally identifiable information with care: If you choose to decrypt an end-user’s HTTPS
session, the Web Security appliance access logs and reports may contain personally identifiable
information. The Administrator can configure how much URI text is stored in the logs using the
session, the Web Security appliance access logs and reports may contain personally identifiable
information. The Administrator can configure how much URI text is stored in the logs using the
advancedproxyconfig
CLI command and the
HTTPS
subcommand. You can log the entire URI, or a
partial form of the URI with the query portion removed. However, even when you choose to strip the
query from the URI, personally identifiable information may still remain.
query from the URI, personally identifiable information may still remain.