Cisco Cisco Web Security Appliance S170 Guía Del Usuario
Chapter 8 Access Policies
Access Policies Overview
8-2
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Step 2
Create and configure Access Policy groups. After the Web Proxy is enabled,
you create and configure Access Policy groups to determine how to handle each
request from each user. For more information, see
you create and configure Access Policy groups to determine how to handle each
request from each user. For more information, see
.
Access Policy Groups
Access Policies define how the Web Proxy handles HTTP and FTP requests and
decrypted HTTPS connections for network users. You can apply different actions
to specified groups of users. You can also specify which ports the Web Proxy
monitors for HTTP transactions.
decrypted HTTPS connections for network users. You can apply different actions
to specified groups of users. You can also specify which ports the Web Proxy
monitors for HTTP transactions.
Note
HTTP PUT and POST requests are handled by Outbound Malware Scanning,
IronPort Data Security, and External DLP Policies. For more information, see
IronPort Data Security, and External DLP Policies. For more information, see
and
When the Web Proxy receives an HTTP request on a monitored port or a
decrypted HTTPS connection, it compares the request to the Access Policy groups
to determine which Access Policy group to apply. After it assigns the request to
an Access Policy group, it can determine what to do with the request. For more
information about evaluating policy group membership, see
decrypted HTTPS connection, it compares the request to the Access Policy groups
to determine which Access Policy group to apply. After it assigns the request to
an Access Policy group, it can determine what to do with the request. For more
information about evaluating policy group membership, see
The Web Proxy can perform any of the following actions on an HTTP request or
decrypted HTTPS connection:
decrypted HTTPS connection:
•
Allow. The Web Proxy permits the connection without interruption. Allowed
connections may not have been scanned by the DVS engine.
connections may not have been scanned by the DVS engine.
•
Block. The Web Proxy does not permit the connection and instead displays
an end user notification page explaining the reason for the block.
an end user notification page explaining the reason for the block.
•
Redirect. The Web Proxy does not allow the connection to the originally
requested destination server and instead connects to a different specified
URL. You might want to redirect traffic at the appliance if your organization
published the links to an internal site, but the location of the site changed
since publication, or if you do not have control over the web server. For more
information about redirecting traffic, see
requested destination server and instead connects to a different specified
URL. You might want to redirect traffic at the appliance if your organization
published the links to an internal site, but the location of the site changed
since publication, or if you do not have control over the web server. For more
information about redirecting traffic, see