Cisco Cisco Web Security Appliance S690 User Guide
9-5
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 9 Working with External Proxies
Evaluating Routing Policy Group Membership
Step 6
Submit and commit your changes.
Evaluating Routing Policy Group Membership
After the Web Proxy assigns an Identity to a client request, it evaluates the request
against the other policy types to determine which policy group it belongs for each
type. Any request that does not get terminated due to failed authentication gets
evaluated against the Routing Policies to determine from where to fetch the data.
against the other policy types to determine which policy group it belongs for each
type. Any request that does not get terminated due to failed authentication gets
evaluated against the Routing Policies to determine from where to fetch the data.
Once the Web Proxy assigns a Routing Policy group to a request, it fetches the
content from the location configured for the policy group, either from a
configured proxy group or directly from the server.
content from the location configured for the policy group, either from a
configured proxy group or directly from the server.
To determine the policy group that a client request matches, the Web Proxy
follows a specific process for matching the group membership criteria. During
this process, it considers the following factors for group membership:
follows a specific process for matching the group membership criteria. During
this process, it considers the following factors for group membership:
•
Identity. Each client request either matches an Identity, fails authentication
and is granted guest access, or fails authentication and gets terminated. For
more information about evaluating Identity group membership, see
and is granted guest access, or fails authentication and gets terminated. For
more information about evaluating Identity group membership, see
.
•
Authorized users. If the assigned Identity requires authentication, the user
must be in the list of authorized users in the Routing Policy group to match
the policy group.
must be in the list of authorized users in the Routing Policy group to match
the policy group.
•
Advanced options. You can configure several advanced options for Routing
Policy group membership. Some options (such as proxy port and URL
category) can also be defined within the Identity. When an advanced option
is configured in the Identity, it is not configurable in the Routing Policy group
level.
Policy group membership. Some options (such as proxy port and URL
category) can also be defined within the Identity. When an advanced option
is configured in the Identity, it is not configurable in the Routing Policy group
level.
The information in this section gives an overview of how the appliance matches
client requests to Routing Policy groups. For more details about exactly how the
appliance matches client requests, see
client requests to Routing Policy groups. For more details about exactly how the
appliance matches client requests, see
The Web Proxy sequentially reads through each policy group in the policies table.
It compares the client request status to the membership criteria of the first policy
group. If they match, the Web Proxy applies the policy settings of that policy
group.
It compares the client request status to the membership criteria of the first policy
group. If they match, the Web Proxy applies the policy settings of that policy
group.