Cisco Cisco Web Security Appliance S670 Guide D’Information

Contributed by Simon Putz and Siddharth Rajpathak, Cisco TAC
Engineers.

Jul 14, 2014

How do I manually whitelist a webpage on the Cisco Web Security Appliance (running 5.2.0 and above) so
that WBRS, WebRoot or McAfee scanning is bypassed?

User is trying to access a legitimate site, but is being blocked due to a low WBRS score (virus infection of
webserver, spam being sent through the webserver IP etc.) or due to one of the anti−malware engines
triggering on that page.

If the user is blocked due to a low WBRS the user is seeing a MALWARE_GENERAL block message. The
accesslogs show a WBRS below the blocking threshold (default is −6.0).

For a permanent solution, please contact Cisco TAC so that the page can be reviewed in order to adjust the
WBRS or to report false positives to the anti−virus and anti−malware vendors.

You can also contact Cisco TAC to gather more information on why the site is blocked so that the technical
contact or administrator of the website can be notified and can take the necessary steps.
Make sure to provide the relevant blocking codes and accesslog lines when contacting Cisco TAC

Create a custom URL category containing all sites that you don't want to be blocked (GUI −> Web
Security Manager −> Custom URL Categories).

1. 

Create a new Identity and add the new Custom URL Category as a member. (GUI −> Web Security
Manager −> Identities)
Depending on your setup you will have to choose between 'authentication required' with the according
group/user membership settings or 'no authentication'.

2. 

Create a new Web Access Policy (GUI −> Web Security Manager −> Web Access Policies),

3.