Cisco Cisco Web Security Appliance S160 Guía Del Usuario
9-14
Cisco IronPort AsyncOS 7.5 for Web User Guide
Chapter 9 Access Policies
Blocking Specific Applications and Protocols
Policy: URL Categories
You can specify categories of URLs to block, including the predefined “Chat and Instant Messaging”
and “Peer File Transfer” categories. You can also add specific custom URL categories should you want
to add a URL that is not already included in the predefined categories. You may then add the custom
category to the list of blocked URLs.
and “Peer File Transfer” categories. You can also add specific custom URL categories should you want
to add a URL that is not already included in the predefined categories. You may then add the custom
category to the list of blocked URLs.
For more information about using URL Categories, see
Policy: Objects
You can block some Peer-to-Peer files directly, via the Access Policies: Objects: Global Policy page.
On the Web Security Manager > Access Policies page, click on the value in the Objects column for the
desired policy.
desired policy.
In the Block Object Type section, check any boxes in the P2P Metafiles group. You can add custom
MIME (Multipurpose Internet Mail Extensions) types by entering them in the Custom MIME Types
field. For example, entering the
MIME (Multipurpose Internet Mail Extensions) types by entering them in the Custom MIME Types
field. For example, entering the
application/x-zip
signature blocks ZIP archive files.
Blocking on Ports Other Than 80
If these applications are using ports other than 80, you may want to block access to a specific server or
block of IP addresses to which the client must connect. To manage these applications on other ports, use
the L4 Traffic Monitor. The L4 Traffic monitor allows you to restrict access on specific ports. However,
the restriction is global, so it will apply to all traffic on that port.
block of IP addresses to which the client must connect. To manage these applications on other ports, use
the L4 Traffic Monitor. The L4 Traffic monitor allows you to restrict access on specific ports. However,
the restriction is global, so it will apply to all traffic on that port.