Cisco Web Security Appliance S670 User Guide

Chapter 18 Web Reputation Filters
Understanding How Web Reputation Filtering Works
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Web Reputation Scores are associated with an action to take on a URL request. The available actions depend on the policy group type that is assigned to the URL request:

- Access Policies. You can choose to block, scan, or allow.
- Decryption Policies. You can choose to drop, decrypt, or pass through.

You can configure each policy group to correlate an action to a particular Web Reputation Score.

Web Reputation in Access Policies

The following table describes the default Web Reputation Scores for Access Policies.

| Score | Action | Description | Example |
|---|---|---|---|
| -10 to -6.0 | Block | Bad site. The request is blocked, and no further malware scanning occurs. | URL downloads information without user permission. Sudden spike in URL volume. URL is a typo of a popular domain. |
| -5.9 to 5.9 | Scan | Undetermined site. Request is passed to the DVS engine for further malware scanning. The DVS engine scans the request and server response content. | Recently created URL that has a dynamic IP address and contains downloadable content. Network owner IP address that has a positive Web Reputation Score. |
| 6.0 to 10.0 | Allow | Good site. Request is allowed. No malware scanning required. | URL contains no downloadable content. Reputable, high-volume domain with long history. Domain present on several allow lists. No links to URLs with poor reputations. |
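
The sketch below is an added example, not code from Cisco or from this guide. It checks a set of score ranges for gaps and overlaps, maps a score to its configured action, and flags logged requests whose action differs from that mapping. The function names, the record fields, the sample records, and the rounding of scores to one decimal place are assumptions made for illustration.

```python
from decimal import Decimal

# Default Access Policy ranges from the table above: (low, high, action).
DEFAULT_RANGES = [
    (Decimal("-10.0"), Decimal("-6.0"), "block"),
    (Decimal("-5.9"), Decimal("5.9"), "scan"),
    (Decimal("6.0"), Decimal("10.0"), "allow"),
]
STEP = Decimal("0.1")  # assumption: scores carry one decimal place, as in the table


def check_ranges(ranges):
    """Return a list of problems: missing coverage of -10..10, overlaps, gaps."""
    problems = []
    ordered = sorted(ranges)
    if ordered[0][0] != Decimal("-10.0") or ordered[-1][1] != Decimal("10.0"):
        problems.append("ranges do not cover -10.0 to 10.0")
    for (lo1, hi1, a1), (lo2, hi2, a2) in zip(ordered, ordered[1:]):
        if lo2 <= hi1:
            problems.append(f"overlap between {a1} and {a2} at {lo2}")
        elif lo2 - hi1 > STEP:
            problems.append(f"gap between {a1} and {a2}: {hi1} to {lo2}")
    return problems


def expected_action(score, ranges=DEFAULT_RANGES):
    """Map a score to its configured action (score rounded to one decimal)."""
    s = Decimal(str(score)).quantize(STEP)
    for lo, hi, action in ranges:
        if lo <= s <= hi:
            return action
    raise ValueError(f"score {score} is outside the configured ranges")


def audit(records, ranges=DEFAULT_RANGES):
    """Return the records whose logged action differs from the configured one."""
    return [r for r in records if r["action"] != expected_action(r["score"], ranges)]


# Constructed sample records; this is not a real appliance log format.
SAMPLE = [
    {"url": "http://typo-example.test/", "score": -7.2, "action": "block"},
    {"url": "http://new-site.test/file", "score": -5.9, "action": "scan"},
    {"url": "http://edge.test/", "score": -6.0, "action": "scan"},  # boundary mismatch
    {"url": "http://known.test/", "score": 8.4, "action": "allow"},
]

if __name__ == "__main__":
    print(check_ranges(DEFAULT_RANGES))
    print(audit(SAMPLE))
```

Running `check_ranges` on a policy group's customized thresholds before auditing catches score bands that no action covers.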