When the Web Proxy receives an upload request, it compares the request to the Data Security and
External DLP Policy groups to determine which policy group to apply. If both types of policies are
configured, it compares the request to Cisco Data Security policies before external DLP policies. After
it assigns the request to a policy group, it compares the request to the policy group’s configured control
settings to determine what to do with the request. How you configure the appliance to handle upload
requests depends on the policy group type.

Note

Upload requests that try to upload files with a size of zero (0) bytes are not evaluated against Cisco Data
Security or External DLP policies.

Option

Description

Cisco Data Security filters

The Cisco Data Security filters on the Web Security appliance evaluate
data leaving the network over HTTP, HTTPS and FTP.

Third-party data loss
prevention (DLP) integration

The Web Security appliance integrates with leading third party
content-aware DLP systems that identify and protect sensitive data. The
Web Proxy uses the Internet Content Adaptation Protocol (ICAP) which
allows proxy servers to offload content scanning to external systems