Cisco Cisco Web Security Appliance S190 Guía Del Usuario
H O W W E B R E P U T A T I O N F I L T E R I N G W O R K S
C H A P T E R 1 4 : W E B R E P U T A T I O N F I L T E R S
313
H O W WE B R E P U T A T I O N F I L T E R I N G WO R K S
Web Reputation Scores are associated with an action to take on a URL request. The available
actions depend on the policy group type that is assigned to the URL request:
actions depend on the policy group type that is assigned to the URL request:
• Access Policies. You can choose to block, scan, or allow.
• Decryption Policies. You can choose to drop, decrypt, or pass through.
You can configure each policy group to correlate an action to a particular Web Reputation
Score.
Score.
Web Reputation in Access Policies
Table 14-1 describes the default Web Reputation Scores for Access Policies.
For example, by default, URLs in an HTTP request that are assigned a Web Reputation Score
of +7 are allowed and require no further scanning. However, a weaker score for an HTTP
request, such as +3, is automatically forwarded to the IronPort DVS engine where it is
scanned for malware. Any URL in an HTTP request that has a very poor reputation is blocked.
of +7 are allowed and require no further scanning. However, a weaker score for an HTTP
request, such as +3, is automatically forwarded to the IronPort DVS engine where it is
scanned for malware. Any URL in an HTTP request that has a very poor reputation is blocked.
Table 14-1 Default Web Reputation Scores for Access Policies
Score
Action
Description
Example
-10 to -6.0
Block
Bad site. The request is blocked,
and no further malware scanning
occurs.
and no further malware scanning
occurs.
• URL downloads information without
user permission.
• Sudden spike in URL volume.
• URL is a typo of a popular domain.
• URL is a typo of a popular domain.
-5.9 to 5.9
Scan
Undetermined site. Request is
passed to the DVS engine for
further malware scanning. The
DVS engine scans the request
and server response content.
passed to the DVS engine for
further malware scanning. The
DVS engine scans the request
and server response content.
• Recently created URL that has a dynamic
IP address and contains downloadable
content.
content.
• Network owner IP address that has a
positive Web Reputation Score.
6.0 to 10.0
Allow
Good site. Request is allowed.
No malware scanning required.
No malware scanning required.
• URL contains no downloadable content.
• Reputable, high-volume domain with
• Reputable, high-volume domain with
long history.
• Domain present on several allow lists.
• No links to URLs with poor reputations.
• No links to URLs with poor reputations.