Cisco Cisco Web Security Appliance S670 User Guide

The access log file entries aggregate and display the results of the various scanning engines, such as URL 
filtering, Web Reputation filtering, and anti-malware scanning. The appliance displays this information 
in angled brackets at the end of each access log entry. 

MONITOR_IDS

The Web Proxy scanned the upload request using either a 
Data Security Policy or an External DLP Policy, but did not 
block the request. It evaluated the request against the 
Access Policies.

MONITOR_SUSPECT_USER_AGENT 

The Web Proxy monitored the transaction based on the 
Suspect User Agent setting for the Access Policy group.

MONITOR_WBRS 

The Web Proxy monitored the transaction based on the Web 
Reputation filter settings for the Access Policy group.

NO_AUTHORIZATION

The Web Proxy did not allow the user access to the 
application because the user was already authenticated 
against an authentication realm, but not against any 
authentication realm configured in the Application 
Authentication Policy.

NO_PASSWORD

The user failed authentication.

PASSTHRU_ADMIN

The Web Proxy passed through the transaction based on 
some default settings for the Decryption Policy group.

PASSTHRU_WEBCAT

The Web Proxy passed through the transaction based on 
URL category filtering settings for the Decryption Policy 
group.

PASSTHRU_WBRS

The Web Proxy passed through the transaction based on the 
Web Reputation filter settings for the Decryption Policy 
group.

REDIRECT_CUSTOMCAT

The Web Proxy redirected the transaction to a different 
URL based on a custom URL category in the Access Policy 
group configured to “Redirect.”

SAAS_AUTH

The Web Proxy allowed the user access to the application 
because the user was authenticated transparently against the 
authentication realm configured in the Application 
Authentication Policy. 

OTHER

The Web Proxy did not complete the request due to an error, 
such as an authorization failure, server disconnect, or an 
abort from the client.