Cisco Cisco Web Security Appliance S170 Guía Del Usuario
Chapter 12 Data Security and External DLP Policies
Working with Data Security and External DLP Policies
12-4
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Working with Data Security and External DLP
Policies
Policies
IronPort Data Security Policies and External DLP Policies define how the Web
Proxy handles HTTP requests and decrypted HTTPS connections for transactions
that upload data to a server (upload requests). However, IronPort Data Security
Policies use logic defined on the Web Security appliance and External DLP
Policies use logic defined on the DLP system. An upload request is an HTTP or
decrypted HTTPS request that has content in the request body.
Proxy handles HTTP requests and decrypted HTTPS connections for transactions
that upload data to a server (upload requests). However, IronPort Data Security
Policies use logic defined on the Web Security appliance and External DLP
Policies use logic defined on the DLP system. An upload request is an HTTP or
decrypted HTTPS request that has content in the request body.
When the Web Proxy receives an upload request, it compares the request to the
Data Security and External DLP Policy groups to determine which policy group
to apply. If both types of policies are configured, it compares the request to
IronPort Data Security Policies before external DLP Policies. After it assigns the
request to a policy group, it compares the request to the policy group’s configured
control settings to determine what to do with the request.
Data Security and External DLP Policy groups to determine which policy group
to apply. If both types of policies are configured, it compares the request to
IronPort Data Security Policies before external DLP Policies. After it assigns the
request to a policy group, it compares the request to the policy group’s configured
control settings to determine what to do with the request.
How you configure the appliance to handle upload requests depends on the policy
group type. For more information, see
group type. For more information, see
and
Note
Upload requests that try to upload files with a size of zero (0) bytes are not
evaluated against IronPort Data Security or External DLP Policies.
evaluated against IronPort Data Security or External DLP Policies.
Data Security Policy Groups
To configure the Web Security appliance to handle upload requests on the
appliance itself, perform the following tasks:
appliance itself, perform the following tasks:
Step 1
Enable the IronPort Data Security Filters. To scan upload requests on the
appliance, you must first enable the IronPort Data Security Filters. Usually, the
IronPort Data Security Filters feature is enabled during the initial setup using the
System Setup Wizard. Otherwise, go to the Security Services > Data Security
Filters page to enable it.
appliance, you must first enable the IronPort Data Security Filters. Usually, the
IronPort Data Security Filters feature is enabled during the initial setup using the
System Setup Wizard. Otherwise, go to the Security Services > Data Security
Filters page to enable it.