Cisco Cisco Web Security Appliance S160 Guía Del Usuario
9-12
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 9 Block, Allow or Redirect Transaction Requests
Blocking Specific Applications and Protocols
Web Reputation and Anti-Malware
The Web Reputation and Anti-Malware Filtering policy inherits global settings respective to each
component. To customize filtering and scanning for a particular policy group, you can use the Web
Reputation and Anti-Malware Settings pull-down menu to customize monitoring or blocking for
malware categories based on malware scanning verdicts and to customize web reputation score
thresholds.
component. To customize filtering and scanning for a particular policy group, you can use the Web
Reputation and Anti-Malware Settings pull-down menu to customize monitoring or blocking for
malware categories based on malware scanning verdicts and to customize web reputation score
thresholds.
For more information, see
.
Blocking Specific Applications and Protocols
You can configure how the appliance manages some kinds of applications based on the port being used:
•
Port 80. You can control how the Web Security appliance manages these applications using Access
Policies, but only as they are accessed via HTTP tunneling on port 80.
Policies, but only as they are accessed via HTTP tunneling on port 80.
•
Ports other than 80. You can block these applications on other ports by using the L4 Traffic
Monitor.
Monitor.
Use the Web Security Manager > Access Policies page to manage access and monitoring for these types
of applications on a more granular (per policy) level. Use the L4 Traffic Monitor to manage access and
monitoring on a more global basis.
of applications on a more granular (per policy) level. Use the L4 Traffic Monitor to manage access and
monitoring on a more global basis.
Blocking on Port 80
To block access to these types of applications where port 80 is used, you can use the Web Security
Manager > Access Policies page. The Access Policies page provides several methods for blocking
access. You can block access by clicking on any of the following columns for a particular policy group:
Manager > Access Policies page. The Access Policies page provides several methods for blocking
access. You can block access by clicking on any of the following columns for a particular policy group:
•
Protocols and User Agents
•
URL Categories
•
Objects
You can block access to predefined URL categories such as “Chat and Instant Messaging” and “Peer File
Transfer”, or create your own custom URL categories. You can block specific applications based on their
“agent patterns” or signatures.
Transfer”, or create your own custom URL categories. You can block specific applications based on their
“agent patterns” or signatures.
You can apply some or all of these methods on various Access Policies by creating additional Access
Policy groups. For details on how to create additional Access Policy groups, see
Policy groups. For details on how to create additional Access Policy groups, see
.
Policy: Protocols and User Agents
You can create a rule that blocks a particular user agent based on its pattern using Regular Expressions.
You block access to applications based on their agent pattern similarly for the different Access Policies:
•
User defined policies — On the Web Security Manager > Access Policies page, click the value in
the Protocols and User Agents column for the desired policy. Choose Define Applications Custom
Settings.
the Protocols and User Agents column for the desired policy. Choose Define Applications Custom
Settings.
•
Global Policy — On the Web Security Manager > Access Policies page, click the value in the
Protocols and User Agents column for the Global Policy.
Protocols and User Agents column for the Global Policy.