When the Web Proxy receives an upload request, it compares the request to the Data Security and
External DLP Policy groups to determine which policy group to apply. If both types of policies are
configured, it compares the request to Cisco IronPort Data Security Policies before external DLP
Policies. After it assigns the request to a policy group, it compares the request to the policy group’s
configured control settings to determine what to do with the request. How you configure the appliance
to handle upload requests depends on the policy group type.

Note

Upload requests that try to upload files with a size of zero (0) bytes are not evaluated against Cisco
IronPort Data Security or External DLP Policies.

Option

Description

Cisco IronPort Data Security
Filters

The Cisco IronPort Data Security Filters on the Web Security appliance
evaluate data leaving the network over HTTP, HTTPS and FTP.

Third party data loss
prevention (DLP) integration

The Web Security appliance integrates with leading third party
content-aware DLP systems that identify and protect sensitive data. The
Web Proxy uses the Internet Content Adaptation Protocol (ICAP) which
allows proxy servers to offload content scanning to external systems