Cisco Cisco Web Security Appliance S170 사용자 가이드
17-13
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 17 URL Filters
Filtering Transactions Using URL Categories
Note
If you want to block a particular URL category for HTTPS requests, choose to decrypt that URL
category in the Decryption Policy group and then choose to block the same URL category in the
Access Policy group.
category in the Decryption Policy group and then choose to block the same URL category in the
Access Policy group.
Step 5
In the Uncategorized URLs section, choose the action to take for client requests to web sites that do not
fall into a predefined or custom URL category.
fall into a predefined or custom URL category.
This setting also determines the default action for new and merged categories resulting from URL
category set updates. For details, see
category set updates. For details, see
You can choose any action listed in
.
Step 6
Submit and commit your changes.
Configuring URL Filters for Data Security Policy Groups
You can configure URL filtering for user defined Data Security Policy groups and the Global Policy
Group.
Group.
Step 1
Navigate to the Web Security Manager > Cisco IronPort Data Security page.
Step 2
Click the link in the policies table under the URL Categories column for the policy group you want to
edit.
edit.
Step 3
Optionally, in the Custom URL Category Filtering section, you can add custom URL categories on which
to take action in this policy:
to take action in this policy:
a.
Click Select Custom Categories.
b.
Choose which custom URL categories to include in this policy and click Apply.
Choose which custom URL categories the URL filtering engine should compare the client request
against. The URL filtering engine compares client requests against included custom URL
categories, and ignores excluded custom URL categories. The URL filtering engine compares the
URL in a client request to included custom URL categories before predefined URL categories.
against. The URL filtering engine compares client requests against included custom URL
categories, and ignores excluded custom URL categories. The URL filtering engine compares the
URL in a client request to included custom URL categories before predefined URL categories.
Decrypt
Allows the connection, but inspects the traffic content. The appliance decrypts the
traffic and applies Access Policies to the decrypted traffic as if it were a plaintext
HTTP connection. By decrypting the connection and applying Access Policies, you
can scan the traffic for malware. You might want to decrypt connections to third
party email providers, such as gmail or hotmail.
traffic and applies Access Policies to the decrypted traffic as if it were a plaintext
HTTP connection. By decrypting the connection and applying Access Policies, you
can scan the traffic for malware. You might want to decrypt connections to third
party email providers, such as gmail or hotmail.
For more information about how the appliance decrypts HTTPS traffic, see
.
Drop
Drops the connection and does not pass the connection request to the server. The
appliance does not notify the user that it dropped the connection. You might want to
drop connections to third party proxies that allow users on the network bypass the
organization’s acceptable use policies.
appliance does not notify the user that it dropped the connection. You might want to
drop connections to third party proxies that allow users on the network bypass the
organization’s acceptable use policies.
Table 17-4
URL Category Filtering for Decryption Policies (continued)
Action
Description