Cisco Cisco Web Security Appliance S160 User Guide
8-11
AsyncOS 8.1 for Cisco Web Security User Guide
Chapter 8 Classify URLs for Policy Application
Filtering Transactions Using URL Categories
•
•
Configuring URL Filters for Decryption Policy Groups
You can configure URL filtering for user defined Decryption Policy groups and the global Decryption
Policy group.
Policy group.
Step 1
Choose Web Security Manager > Decryption Policies.
Step 2
Click the link in the policies table under the URL Categories column for the policy group you want to
edit.
edit.
Step 3
(Optional) In the Custom URL Category Filtering section, you can add custom URL categories on which
to take action in this policy:
to take action in this policy:
a.
Click Select Custom Categories.
b.
Choose which custom URL categories to include in this policy and click Apply.
Choose which custom URL categories the URL filtering engine should compare the client request
against. The URL filtering engine compares client requests against included custom URL
categories, and ignores excluded custom URL categories. The URL filtering engine compares the
URL in a client request to included custom URL categories before predefined URL categories.
against. The URL filtering engine compares client requests against included custom URL
categories, and ignores excluded custom URL categories. The URL filtering engine compares the
URL in a client request to included custom URL categories before predefined URL categories.
The custom URL categories included in the policy appear in the Custom URL Category Filtering
section.
section.
Step 4
Choose an action for each custom and predefined URL category.
Action
Description
Use Global
Setting
Setting
Uses the action for this category in the global Decryption Policy group. This is the
default action for user defined policy groups.
default action for user defined policy groups.
Applies to user defined policy groups only.
When a custom URL category is excluded in the global Decryption Policy, then the
default action for included custom URL categories in user defined Decryption
Policies is Monitor instead of Use Global Settings. You cannot choose Use Global
Settings when a custom URL category is excluded in the global Decryption Policy.
default action for included custom URL categories in user defined Decryption
Policies is Monitor instead of Use Global Settings. You cannot choose Use Global
Settings when a custom URL category is excluded in the global Decryption Policy.
Pass Through
Passes through the connection between the client and the server without inspecting
the traffic content.
the traffic content.
Monitor
The Web Proxy neither allows nor blocks the request. Instead, it continues to
evaluate the client request against other policy group control settings, such as web
reputation filtering.
evaluate the client request against other policy group control settings, such as web
reputation filtering.
Decrypt
Allows the connection, but inspects the traffic content. The appliance decrypts the
traffic and applies Access Policies to the decrypted traffic as if it were a plain text
HTTP connection. By decrypting the connection and applying Access Policies, you
can scan the traffic for malware.
traffic and applies Access Policies to the decrypted traffic as if it were a plain text
HTTP connection. By decrypting the connection and applying Access Policies, you
can scan the traffic for malware.
Drop
Drops the connection and does not pass the connection request to the server. The
appliance does not notify the user that it dropped the connection.
appliance does not notify the user that it dropped the connection.