Cisco Cisco Web Security Appliance S680 Guía Del Usuario
11-19
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 11 Processing HTTPS Traffic
Routing HTTPS Traffic
Step 8
Submit your changes.
Step 9
Configure Decryption Policy group control settings to define how the Web Proxy handles transactions.
The new policy group automatically inherits global policy group settings until you configure options for
each control setting. For more information, see
each control setting. For more information, see
Step 10
Submit and commit your changes.
Routing HTTPS Traffic
The ability of AsyncOS to route HTTPS transactions based on information stored in client headers is
limited and is different for transparent and explicit HTTPS.
limited and is different for transparent and explicit HTTPS.
Transparent HTTPS
In the case of transparent HTTPS, AsyncOS does not have access to information in the client headers.
Therefore, AsyncOS cannot enforce routing policies that rely on information in client headers. For
example, for transparent HTTPS transactions, AsyncOS does not have access to the username in the
HTTPS client header and therefore it cannot match a routing policy based on username. In this case,
AsyncOS uses the default routing policy.
Therefore, AsyncOS cannot enforce routing policies that rely on information in client headers. For
example, for transparent HTTPS transactions, AsyncOS does not have access to the username in the
HTTPS client header and therefore it cannot match a routing policy based on username. In this case,
AsyncOS uses the default routing policy.
Explicit HTTPS
In the case of explicit HTTPS, AsyncOS has access to the following information in client headers:
•
URL
•
Destination port number
User Agents
Choose whether or not to define policy group membership by the user agent used
in the client request. You can select some commonly defined browsers, or define
your own using regular expressions. Choose whether this policy group should apply
to the selected user agents or to any user agent that is not in the list of selected user
agents.
in the client request. You can select some commonly defined browsers, or define
your own using regular expressions. Choose whether this policy group should apply
to the selected user agents or to any user agent that is not in the list of selected user
agents.
For more information on creating user agent based policies, see
.
Note: If the Identity associated with this policy group defines Identity membership
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.
User Location
Choose whether or not to define policy group membership by user location, either
remote or local.
remote or local.
This option only appears when the Secure Mobility is enabled. For more
information, see
information, see
.
Table 11-2
Decryption Policy Group Advanced Options (continued)
Advanced Option
Description