Cisco Cisco Web Security Appliance S170 Guía Del Usuario
5-13
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 5 Web Proxy Services
Bypassing Application Scanning from Web Proxy Scanning
Because of these differences, if the proxy bypass list contains only IP addresses and hostnames, then the
Web Proxy can easily match the IP address in the request header to the IP addresses in the proxy bypass
list.
Web Proxy can easily match the IP address in the request header to the IP addresses in the proxy bypass
list.
However, for the proxy bypass list to work with domain names, you must connect both the T1 and T2
network interfaces (if using simplex mode) or just connect the T1 network interface (if using duplex
mode) to the network even if you do not enable the L4 Traffic Monitor. However, the proxy bypass list
only bypasses the Web Proxy scanning. It does not bypass the L4 Traffic Monitor.
network interfaces (if using simplex mode) or just connect the T1 network interface (if using duplex
mode) to the network even if you do not enable the L4 Traffic Monitor. However, the proxy bypass list
only bypasses the Web Proxy scanning. It does not bypass the L4 Traffic Monitor.
Note
If the transparent redirection device is a WCCP router, some are intelligent enough to not forward any
other packets to the Web Proxy for the same session. In this case, the packets are not physically sent to
the Web Proxy for the rest of the session and are truly bypassing it for the rest of the session.
other packets to the Web Proxy for the same session. In this case, the packets are not physically sent to
the Web Proxy for the rest of the session and are truly bypassing it for the rest of the session.
Using WCCP with the Proxy Bypass List
When the Web Security appliance is configured to use a WCCP v2 router, you must ensure that all WCCP
services defined in the Web Security appliance use the same forwarding and return method (either L2 or
GRE) to work properly with the proxy bypass list. If the forwarding and return methods do not match,
some WCCP enabled routers will act inconsistently.
services defined in the Web Security appliance use the same forwarding and return method (either L2 or
GRE) to work properly with the proxy bypass list. If the forwarding and return methods do not match,
some WCCP enabled routers will act inconsistently.
For more information, see
.
Bypassing Application Scanning from Web Proxy Scanning
Step 1
Navigate to the Web Security Manager > Bypass Settings page.
Step 2
Click Edit Application Bypass Settings.
Step 3
Enable Bypass Scanning for the application to bypass.
Step 4
Submit and commit your changes.
Proxy Usage Agreement
You can configure the Web Security appliance to inform users that it is filtering and monitoring their
web activity. The appliance does this by displaying an end-user acknowledgement page when a user first
accesses a browser after a certain period of time. When the end-user acknowledgement page appears,
users must click a link to access the original site requested or any other website. For more information
about end-user acknowledgement pages, see
web activity. The appliance does this by displaying an end-user acknowledgement page when a user first
accesses a browser after a certain period of time. When the end-user acknowledgement page appears,
users must click a link to access the original site requested or any other website. For more information
about end-user acknowledgement pages, see
.