Cisco Cisco Web Security Appliance S690 User Guide
10-11
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Chapter 10 Create Policies to Control Internet Requests
Block, Allow, or Redirect Transaction Requests
Block, Allow, or Redirect Transaction Requests
The web proxy controls web traffic based on the policies that you create for groups of transaction requests.
•
Allow. The Web Proxy permits the connection without interruption. Allowed connections may not
have been scanned by the DVS engine.
have been scanned by the DVS engine.
•
Block. The Web Proxy does not permit the connection and instead displays an end user notification
page explaining the reason for the block.
page explaining the reason for the block.
•
Redirect. The Web Proxy does not allow the connection to the originally requested destination
server and instead connects to a different specified URL, see
server and instead connects to a different specified URL, see
.
URL Filtering
AsyncOS for Web allows you to configure how the appliance handles a
transaction based on the URL category of a particular HTTP or HTTPS request.
Using a predefined category list, you can choose to block, monitor, warn, or set
quota-based or time-based filters.
transaction based on the URL category of a particular HTTP or HTTPS request.
Using a predefined category list, you can choose to block, monitor, warn, or set
quota-based or time-based filters.
You can also create custom URL categories and then choose to block, redirect,
allow, monitor, warn, or apply quota-based or time-based filters for Websites in
the custom categories. See
allow, monitor, warn, or apply quota-based or time-based filters for Websites in
the custom categories. See
for information about creating custom URL categories.
In addition, you can add exceptions to blocking of embedded or referred content.
Applications
The Application Visibility and Control engine (AVC) engine is an Acceptable
Use policy component that inspects Web traffic to gain deeper understanding and
control of Web traffic used for applications. The appliance allows the Web Proxy
to be configured to block or allow applications by Application Types, and by
individual applications. You can also apply controls to particular application
behaviors, such as file transfers, within a particular application. See
Use policy component that inspects Web traffic to gain deeper understanding and
control of Web traffic used for applications. The appliance allows the Web Proxy
to be configured to block or allow applications by Application Types, and by
individual applications. You can also apply controls to particular application
behaviors, such as file transfers, within a particular application. See
for configuration information.
Objects
Note
These options let you configure the Web Proxy to block file downloads
based on file characteristics, such as file sizefile type. An object is,
generally, any item that can be individually selected, uploaded,
downloaded and manipulated
based on file characteristics, such as file sizefile type. An object is,
generally, any item that can be individually selected, uploaded,
downloaded and manipulated
Anti-Malware
and Reputation
and Reputation
Web reputation filters allow for a web-based reputation score to be assigned to a
URL to determine the probability of it containing URL-based malware.
Anti-malware scanning identifies and stops web-based malware threats.
Advanced Malware Protection identifies malware in downloaded files.
URL to determine the probability of it containing URL-based malware.
Anti-malware scanning identifies and stops web-based malware threats.
Advanced Malware Protection identifies malware in downloaded files.
The Anti-Malware and Reputation policy inherits global settings respective to
each component. Within Security Services > Anti-Malware and Reputation,
malware categories can be customized to monitor or block based on malware
scanning verdicts and web reputation score thresholds can be customized.
Malware categories can be further customized within a policy. There are also
global settings for file reputation and analysis services.
each component. Within Security Services > Anti-Malware and Reputation,
malware categories can be customized to monitor or block based on malware
scanning verdicts and web reputation score thresholds can be customized.
Malware categories can be further customized within a policy. There are also
global settings for file reputation and analysis services.
For more information, see
and
Configuring File Reputation and Analysis Features,
page 17-4
.
Option
Description