Cisco Cisco Web Security Appliance S690 User Guide
15-4
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 15 Managing Access to Web Applications
Policy Application Control Settings
Alternatively, when Range Request Forwarding is enabled (see
), you can control how incoming range requests are handled on a per-policy basis. This process
is known as “byte serving” and is a means of bandwidth optimization when requesting large files.
However, enabling range request forwarding can interfere with policy-based Application Visibility and
Control (AVC) efficiency, and can compromise security. Please exercise caution and enable HTTP Range
Request Forwarding only if the advantages outweigh the security implications.
Control (AVC) efficiency, and can compromise security. Please exercise caution and enable HTTP Range
Request Forwarding only if the advantages outweigh the security implications.
Note
The Range Request Settings are read-only when Range Request Forwarding is not enabled. and also
when it is enabled but all applications are set to Monitor. The settings are available when at least one
application is set to Block, Restrict, or Throttle.
when it is enabled but all applications are set to Monitor. The settings are available when at least one
application is set to Block, Restrict, or Throttle.
Rules and Guidelines
Consider the following rules and guidelines when configuring application control settings:
•
The supported Application Types, applications, and application behaviors may change between
AsyncOS for Web upgrades, or after AVC engine updates.
AsyncOS for Web upgrades, or after AVC engine updates.
•
In Application Type listings, the summary for each Application Type lists the final actions for its
applications, but does not indicate whether these actions are inherited from the global policy or
configured in the current Access Policy. To learn more about the action for a particular application,
expand the application type.
applications, but does not indicate whether these actions are inherited from the global policy or
configured in the current Access Policy. To learn more about the action for a particular application,
expand the application type.
•
In the Global Access Policy, you can set the default action for each Application Type, so new
applications introduced in an AVC engine update automatically inherit the default action.
applications introduced in an AVC engine update automatically inherit the default action.
•
You can quickly configure the same action for all applications in an application type by clicking the
“edit all” link for the Application Type in Browse view. However, you can only configure the
application action, not application behavior actions. To configure application behaviors, you must
edit the application individually.
“edit all” link for the Application Type in Browse view. However, you can only configure the
application action, not application behavior actions. To configure application behaviors, you must
edit the application individually.
•
In Search view, when you sort the table by the action column, the sort order is by the final action.
For example, “Use Global (Block)” comes after “Block” in the sort order.
For example, “Use Global (Block)” comes after “Block” in the sort order.
•
Decryption may cause some applications to fail unless the root certificate for signing is installed on
the client.
the client.
Related topics
•
Range Request Settings for Policy
Range Request
Settings
Settings
•
Do not forward range requests – Any request for a portion of a file is not
forwarded; the entire file is returned.
forwarded; the entire file is returned.
•
Forward range requests – If the requested range is valid, it is forwarded
and the target server will return the only requested portion of the desired file.
and the target server will return the only requested portion of the desired file.
Exception list
You can specify traffic destinations which are exempt from the current
forwarding selection. That is, when Do not forward range requests is selected,
you can specify destinations for which requests are forwarded. Similarly, when
Forward range requests is selected, you can specify destinations for which
requests are not forwarded.
forwarding selection. That is, when Do not forward range requests is selected,
you can specify destinations for which requests are forwarded. Similarly, when
Forward range requests is selected, you can specify destinations for which
requests are not forwarded.