Cisco Cisco Web Security Appliance S690 User Guide
C O N T R O L L I N G H T T P S T R A F F I C
C H A P T E R 1 0 : D E C R Y P T I O N P O L I C I E S
207
C O N T R O L L I N G H T T P S TR A F F I C
After the Web Security appliance assigns an HTTPS connection request to a Decryption Policy
group, the connection request inherits the control settings of that policy group. The control
settings of the Decryption Policy group determine whether the appliance allows, drops, or
passes through the connection. For more information about the actions the appliance can take
on an HTTPS request, see “Decryption Policy Groups” on page 181.
group, the connection request inherits the control settings of that policy group. The control
settings of the Decryption Policy group determine whether the appliance allows, drops, or
passes through the connection. For more information about the actions the appliance can take
on an HTTPS request, see “Decryption Policy Groups” on page 181.
Configure control settings for Decryption Policy groups on the Web Security Manager >
Decryption Policies page.
Decryption Policies page.
Figure 10-8 shows where you can configure control settings for the Decryption Policy groups.
Figure 10-8 HTTPS Policies Table
You can configure the following settings to determine what action to take on the HTTPS
connection:
connection:
• URL categories. You can configure the action to take on HTTPS requests for each
predefined and custom URL category. Click the link under the URL Categories column for
the policy group you want to configure. For more information about working with URL
filters, see “URL Filters” on page 267. For more information about configuring URL
categories, see “Configuring URL Filters for Decryption Policy Groups” on page 275.
the policy group you want to configure. For more information about working with URL
filters, see “URL Filters” on page 267. For more information about configuring URL
categories, see “Configuring URL Filters for Decryption Policy Groups” on page 275.
Note — If you want to block (with end-user notification) a particular URL category for
HTTPS requests instead of drop (with no end-user notification), choose to decrypt that
URL category in the Decryption Policy group and then choose to block the same URL
category in the Access Policy group.
HTTPS requests instead of drop (with no end-user notification), choose to decrypt that
URL category in the Decryption Policy group and then choose to block the same URL
category in the Access Policy group.
• Web reputation. You can configure the action to take on HTTPS requests based on the
web reputation score of the requested server. Click the link under the Web Reputation
column for the policy group you want to configure. For more information about working
with web reputation scores, see “Web Reputation in Decryption Policies” on page 314.
column for the policy group you want to configure. For more information about working
with web reputation scores, see “Web Reputation in Decryption Policies” on page 314.