Cisco Cisco Web Security Appliance S160 User Guide
Chapter 16 URL Filters
URL Filters Overview
16-2
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Using policy groups, you can create secure policies that control access to web
sites containing objectionable or questionable content. The sites that are actually
blocked, dropped, allowed, or decrypted depend on the categories you select when
setting up category blocking for each policy group.
sites containing objectionable or questionable content. The sites that are actually
blocked, dropped, allowed, or decrypted depend on the categories you select when
setting up category blocking for each policy group.
To control user access based on a URL category, you must enable one of the
following URL filtering engines:
following URL filtering engines:
•
Cisco IronPort Web Usage Controls. This is a multi-layered URL filtering
engine that uses domain prefixes and keyword analysis to categorize URLs,
and real-time response content analysis using the Dynamic Content Analysis
engine if no category is determined by prefixes and keywords. It includes over
65 predefined URL categories. This engine also allows end users and
administrators to report to IronPort any miscategorized URLs as well as
uncategorized URLs for future inclusion in the categorization database.
engine that uses domain prefixes and keyword analysis to categorize URLs,
and real-time response content analysis using the Dynamic Content Analysis
engine if no category is determined by prefixes and keywords. It includes over
65 predefined URL categories. This engine also allows end users and
administrators to report to IronPort any miscategorized URLs as well as
uncategorized URLs for future inclusion in the categorization database.
For more information, see
•
IronPort URL Filters. This URL filtering engine categorizes URLs in the
client request using domains stored in a database. It includes more than 50
predefined URL categories, and allows end users and administrators to report
to IronPort any uncategorized URLs.
client request using domains stored in a database. It includes more than 50
predefined URL categories, and allows end users and administrators to report
to IronPort any uncategorized URLs.
You can use URL categories when performing the following tasks:
•
Define policy group membership. You can define policy group membership
by the URL category of the request URL.
by the URL category of the request URL.
•
Control access to HTTP, HTTPS, and FTP requests. You can choose to
allow or block HTTP and FTP requests by URL category using Access
Policies, and you can choose to pass through, drop, or decrypt HTTPS
requests by URL category using Decryption Policies. You can also choose
whether or not to block upload requests by URL category using IronPort Data
Security Policies. For more information, see
allow or block HTTP and FTP requests by URL category using Access
Policies, and you can choose to pass through, drop, or decrypt HTTPS
requests by URL category using Decryption Policies. You can also choose
whether or not to block upload requests by URL category using IronPort Data
Security Policies. For more information, see
.
In addition to the predefined URL categories included with the URL filtering
engine, you can create user defined custom URL categories that specify specific
hostnames and IP addresses. For more information, see
engine, you can create user defined custom URL categories that specify specific
hostnames and IP addresses. For more information, see