Cisco Web Security Appliance S380 User Guide

AsyncOS 8.1 for Cisco Web Security User Guide
 
Chapter 11      Scan Outbound Traffic for Existing Infections
Understanding Upload Requests
Outbound Malware Scanning Policies define whether or not the Web Proxy blocks HTTP requests and 
decrypted HTTPS connections for transactions that upload data to a server (upload requests). An upload 
request is an HTTP or decrypted HTTPS request that has content in the request body. 
When the Web Proxy receives an upload request, it compares the request to the Outbound Malware 
Scanning policy groups to determine which policy group to apply. After it assigns the request to a policy 
group, it compares the request to the policy group’s configured control settings to determine whether to 
block the request or monitor the request. When an Outbound Malware Scanning Policy determines that a 
request should be monitored, the request is evaluated against the Access Policies, and the final action 
the Web Proxy takes on the request is determined by the applicable Access Policy.
Note
Upload requests that try to upload files with a size of zero (0) bytes are not evaluated against Outbound 
Malware Scanning Policies.
Criteria for Group Membership
Each client request is assigned to an Identity and is then evaluated against the other policy types to 
determine to which policy group it belongs for each type. The Web Proxy applies the configured policy 
control settings to a client request based on the client request’s policy group membership.
The Web Proxy follows a specific process for matching the group membership criteria. It considers the 
following factors for group membership:

Criteria            Description
Identity            Each client request either matches an Identity, fails authentication and is
                    granted guest access, or fails authentication and is terminated.
Authorized users    If the assigned Identity requires authentication, the user must be in the list
                    of authorized users in the Outbound Malware Scanning Policy group to match the
                    policy group. The list of authorized users can be any of the specified groups
                    or users, or can be guest users if the Identity allows guest access.
Advanced options    You can configure several advanced options for Outbound Malware Scanning
                    Policy group membership. Some options, such as proxy port and URL category,
                    can also be defined within the Identity. When an advanced option is configured
                    in the Identity, it is not configurable at the Outbound Malware Scanning
                    Policy group level.

Matching Client Requests to Outbound Malware Scanning Policy Groups
The Web Proxy compares the upload request status to the membership criteria of the first policy group. 
If they match, the Web Proxy applies the policy settings of that policy group.
If they do not match, the Web Proxy compares the upload request to the next policy group. It continues 
this process until it matches the upload request to a user-defined policy group. If it does not match a 
user-defined policy group, it matches the global policy group. When the Web Proxy matches the upload 
request to a policy group or the global policy group, it applies the policy settings of that policy group.
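
The following Python sketch is an added example, not Cisco code or AsyncOS configuration. It models the evaluation order described in this section (zero-byte skip, first-match group selection, fallback to the global group, and hand-off of monitored requests to the Access Policy) so that policy ordering can be reasoned about. The class and field names, the verdict labels, and the block_on setting are assumptions made for the example; advanced options are omitted.

```python
from dataclasses import dataclass

@dataclass
class Upload:
    identity: str   # Identity the proxy already assigned to the request
    user: str       # "guest" when the Identity granted guest access
    body_len: int   # bytes in the request body
    verdict: str    # constructed scan-result label, e.g. "clean", "trojan"

@dataclass
class Group:
    name: str
    identities: frozenset  # Identities this policy group applies to
    users: frozenset       # authorized users; empty means all users
    block_on: frozenset    # verdict labels this group blocks (assumed setting)

    def matches(self, up):
        return up.identity in self.identities and (not self.users or up.user in self.users)

def oms_decision(up, groups, global_group):
    """Return (group name, 'block' or 'monitor'), or (None, 'skipped')."""
    if up.body_len == 0:
        return None, "skipped"  # zero-byte uploads are not evaluated
    # First match wins, so the order of user-defined groups matters.
    group = next((g for g in groups if g.matches(up)), global_group)
    return group.name, ("block" if up.verdict in group.block_on else "monitor")

def final_action(up, groups, global_group, access_policy):
    name, decision = oms_decision(up, groups, global_group)
    if decision == "block":
        return name, "block"
    # Monitored requests are decided by the applicable Access Policy.
    # Assumption: skipped zero-byte uploads are handled the same way.
    return name, access_policy(up)

# Constructed sample policy table, most specific group first.
GROUPS = [
    Group("finance-strict", frozenset({"corp"}), frozenset({"alice"}),
          frozenset({"trojan", "adware"})),
    Group("corp-default", frozenset({"corp"}), frozenset(), frozenset({"trojan"})),
]
GLOBAL = Group("global", frozenset(), frozenset(), frozenset())  # monitors everything

def allow_all(up):
    """Stand-in Access Policy that allows every request."""
    return "allow"
```

Reversing the order of GROUPS makes corp-default match alice first, so her adware upload is monitored instead of blocked: a broad group placed above a specific one shadows it.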