Cisco Cisco Web Security Appliance S370 Guía Del Usuario
16-12
Cisco AsyncOS for Web User Guide
Chapter 16 Notify End-Users of Proxy Actions
Configuring the End-User URL Filtering Warning Page
You can specify any value from 30 to 2678400 seconds (one month). Default is 1 day (86400 seconds).
You can enter the value in seconds, minutes, or days. Use ‘s’ for seconds, ‘m’ for minutes, and ‘d’ for
days.
You can enter the value in seconds, minutes, or days. Use ‘s’ for seconds, ‘m’ for minutes, and ‘d’ for
days.
Step 5
In the Inactivity Timeout field, enter the maximum IP address idle timeout.
You can specify any value from 30 to 2678400 seconds (one month). Default is four hours (14400
seconds). You can enter the value in seconds, minutes, or days. Use ‘s’ for seconds, ‘m’ for minutes, and
‘d’ for days.
seconds). You can enter the value in seconds, minutes, or days. Use ‘s’ for seconds, ‘m’ for minutes, and
‘d’ for days.
Step 6
Select the Surrogate Type.
Step 7
In the Custom Message field, enter text you want to appear on every end-user acknowledgment page.
Step 8
(Optional) Click Preview Acknowledgment Page Customization to view the current end-user
acknowledgment page in a separate browser window.
acknowledgment page in a separate browser window.
Step 9
Submit and Commit Changes.
Related Topics
•
•
Access HTTPS and FTP Sites with the End-User Acknowledgment Page
The end-user acknowledgment page works because it displays an HTML page to the end user that forces
them to click an acceptable use policy agreement. After users click the link, the Web Proxy redirects
clients to the originally requested website. It keeps track of when users accepted the end-user
acknowledgment page using a surrogate (either by IP address or web browser session cookie) if no
username is available for the user.
them to click an acceptable use policy agreement. After users click the link, the Web Proxy redirects
clients to the originally requested website. It keeps track of when users accepted the end-user
acknowledgment page using a surrogate (either by IP address or web browser session cookie) if no
username is available for the user.
•
HTTPS. The Web Proxy tracks whether the user has acknowledged the end-user acknowledgment
page with a cookie, but it cannot obtain the cookie unless it decrypts the transaction. You can choose
to either bypass (pass through) or drop HTTPS requests when the end-user acknowledgment page is
enabled and tracks users using session cookies. Do this using the
page with a cookie, but it cannot obtain the cookie unless it decrypts the transaction. You can choose
to either bypass (pass through) or drop HTTPS requests when the end-user acknowledgment page is
enabled and tracks users using session cookies. Do this using the
advancedproxyconfig > EUN
CLI
command, and choose bypass for the “Action to be taken for HTTPS requests with Session based
EUA (“bypass” or “drop”).” command.
EUA (“bypass” or “drop”).” command.
•
FTP over HTTP. Web browsers never send cookies for FTP over HTTP transactions, so the Web
Proxy cannot obtain the cookie. To work around this, you can exempt FTP over HTTP transactions
from requiring the end-user acknowledgment page. Do this by creating a custom URL category
using “ftp://” as the regular expression (without the quotes) and defining and Identity policy that
exempts users from the end-user acknowledgment page for this custom URL category.
Proxy cannot obtain the cookie. To work around this, you can exempt FTP over HTTP transactions
from requiring the end-user acknowledgment page. Do this by creating a custom URL category
using “ftp://” as the regular expression (without the quotes) and defining and Identity policy that
exempts users from the end-user acknowledgment page for this custom URL category.
Configuring the End-User URL Filtering Warning Page
Step 1
Security Services > End-User Notification.
Step 2
Click Edit Settings.
Step 3
Scroll down to the End-User URL Filtering Warning Page section.