Cisco Cisco Web Security Appliance S670 User Guide
8-3
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 8 Access Policies
Access Policies Overview
Note
The preceding actions are final actions that the Web Proxy takes on a client
request. The Monitor action that you can configure for Access Policies is not a
final action. For more information, see
request. The Monitor action that you can configure for Access Policies is not a
final action. For more information, see
After the Web Proxy assigns an Access Policy to an HTTP or decrypted HTTPS
request, it compares the request to the policy group’s configured control settings
to determine which action to apply. You can configure multiple security
components to determine how to handle HTTP and decrypted HTTPS requests for
a particular policy group. For more information about the security components
that you can configure and how the Web Proxy uses Access Policy groups to
control HTTP traffic, see
request, it compares the request to the policy group’s configured control settings
to determine which action to apply. You can configure multiple security
components to determine how to handle HTTP and decrypted HTTPS requests for
a particular policy group. For more information about the security components
that you can configure and how the Web Proxy uses Access Policy groups to
control HTTP traffic, see
Understanding the Monitor Action
When the Web Proxy compares a transaction to the control settings, it evaluates
the settings in order. Each control setting can be configured to perform one of the
following actions for Access Policies:
the settings in order. Each control setting can be configured to perform one of the
following actions for Access Policies:
•
Monitor
•
Allow
•
Block
•
Redirect
All actions except Monitor are final actions that the Web Proxy applies to a
transaction. A final action is an action that causes the Web Proxy to stop
comparing the transaction to the rest of the control settings.
transaction. A final action is an action that causes the Web Proxy to stop
comparing the transaction to the rest of the control settings.
The Monitor action is an intermediary action. The Web Proxy continues
comparing the transaction to the other control settings to determine which final
action to apply.
comparing the transaction to the other control settings to determine which final
action to apply.
For example, if an Access Policy is configured to monitor a suspect user agent,
the Web Proxy does not make a final determination about a request from the user
agent. If an Access Policy is configured to block a particular URL category, then
any request to that URL category is blocked before fetching the content from the
server regardless of the server’s reputation score.
the Web Proxy does not make a final determination about a request from the user
agent. If an Access Policy is configured to block a particular URL category, then
any request to that URL category is blocked before fetching the content from the
server regardless of the server’s reputation score.