Cisco Cisco Web Security Appliance S690 User Guide
5-3
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 5 Web Proxy Services
Web Proxy Deployment Options
Web Proxy Deployment Options
You can configure the Web Proxy as one of the following types:
•
Transparent Proxy. When the appliance is configured as a transparent proxy, clients are unaware
of the Web Proxy. Client applications, such as web browsers, do not have to be configured to
accommodate the appliance. You might want to configure the appliance as a transparent proxy
because it eliminates the possibility of users reconfiguring their web browsers to bypass the
appliance without knowledge of the administrator. To configure the appliance as a transparent proxy,
you must connect it to an Layer 4 switch or a WCCP router.
of the Web Proxy. Client applications, such as web browsers, do not have to be configured to
accommodate the appliance. You might want to configure the appliance as a transparent proxy
because it eliminates the possibility of users reconfiguring their web browsers to bypass the
appliance without knowledge of the administrator. To configure the appliance as a transparent proxy,
you must connect it to an Layer 4 switch or a WCCP router.
For information about how to configure the appliance when you configure the proxy in transparent
mode, see
mode, see
.
•
Explicit Forward Proxy. In an explicit forward proxy configuration, the appliance acts on behalf
of client web browsers to handle requests for servers on the web. Users must configure their web
browsers to point to a single Web Security appliance. You might want to configure the appliance as
an explicit forward proxy if you do not have an Layer 4 switch or a WCCP router.
of client web browsers to handle requests for servers on the web. Users must configure their web
browsers to point to a single Web Security appliance. You might want to configure the appliance as
an explicit forward proxy if you do not have an Layer 4 switch or a WCCP router.
You can use the Web Security appliance in a network that includes another proxy server. For more
information about how to deploy and configure the appliance when the network contains another proxy,
see
information about how to deploy and configure the appliance when the network contains another proxy,
see
.
The Web Proxy handles both HTTP and native FTP transactions. For more information about working
with FTP, see
with FTP, see
.
Web Proxy Cache
By default, AsyncOS uses a web proxy cache to increase performance for users accessing the web in
some cases.
some cases.
You can edit the web proxy and proxy cache in the following ways:
•
Remove a URL from the cache. Use the
evict
subcommand of the
webcache
CLI command to
remove one or more URLs from the cache.
•
Specify a domain or URL to never cache. Use the
ignore
subcommand of the
webcache
CLI
command to specify one or more domains or URLs that the web proxy should never store in the
proxy cache. You can include embedded regular expression (regex) characters in the URL you
specify to never cache.
proxy cache. You can include embedded regular expression (regex) characters in the URL you
specify to never cache.
Each access log file entry includes transaction result codes that describe how the appliance resolved
client requests. Transaction result codes indicate whether the transaction was served from the proxy
cache or from the destination server. For more information about transaction result codes, see
client requests. Transaction result codes indicate whether the transaction was served from the proxy
cache or from the destination server. For more information about transaction result codes, see
.
Configuring the Web Proxy
This page allows you to configure basic and advanced settings to customize proxy services.
The Web Proxy settings apply to all connections that go over HTTP or HTTPS. To configure proxy
settings for native FTP connections, see
settings for native FTP connections, see
Step 1
Navigate to the Security Services > Web Proxy page.