Cisco Cisco Email Security Appliance C160 Guía Del Usuario
16-10
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 16 Protecting Against Malicious or Undesirable URLs
Taking Action Based on the Reputation or Category of URLs in Messages
Note
Neutral URL reputation means that URLs are currently clean, but may turn malicious in future, as they
are prone to attacks. For such URLs, administrators can create non-blocking policies, for example,
redirecting them to the Cisco Web Security Proxy for click-time evaluation.
are prone to attacks. For such URLs, administrators can create non-blocking policies, for example,
redirecting them to the Cisco Web Security Proxy for click-time evaluation.
The following URL-related actions are available:
•
Defang a URL so that it is unclickable. Message recipients can still see and copy the URL.
•
Redirect a URL so that if the message recipient clicks the link, the transaction is routed to a Cisco
web security proxy in the cloud, which blocks access if the site is malicious.
web security proxy in the cloud, which blocks access if the site is malicious.
Example: You might want to redirect all URLs in the Uncategorized category to the Cisco Cloud
Web Security proxy service, as malicious sites used in phishing attacks often do not exist long
enough to be classified.
Web Security proxy service, as malicious sites used in phishing attacks often do not exist long
enough to be classified.
See also
To redirect URLs to a different proxy, see the example in the following bullet.
Note
The Cisco Cloud Web Security proxy service has no configurable options in this release. For
example, there is no threat score threshold to adjust or action to specify based on threat
score.
example, there is no threat score threshold to adjust or action to specify based on threat
score.
•
Replace the URL with any text.
To include the original URL in the text that appears in the message, use the
$URL
variable.
Examples:
–
Replace all URLs in the Illegal Downloads category with a note:
Message from your system administrator: A link to an illegal downloads web site
has been removed from this message.
–
Include the original URL along with a warning:
WARNING! The following URL may contain malware: $URL
This becomes: WARNING: The following URL may contain malware: http://example.com.
–
Redirect to a custom proxy or web security service:
http://custom_proxy/$URL
This becomes: http://custom_proxy/http://example.com
The reputation and category of URLs that are included on the selected URL whitelist or on the global
URL whitelist are not evaluated.
URL whitelist are not evaluated.
If you defang or replace URLs, you can choose to ignore URLs in signed messages.
Pairing a URL Reputation or URL Category action with a URL Reputation or URL Category condition
(or rule) is not recommended. If you pair a condition (rule) and action that include different categories,
then no match occurs.
(or rule) is not recommended. If you pair a condition (rule) and action that include different categories,
then no match occurs.
Tip
To check the category of a particular URL, visit the link in
.