Cisco Cisco Web Security Appliance S170 사용자 가이드
9-10
AsyncOS 8.6 for Cisco Web Security Appliances User Guide
Chapter 9 Create Policies to Control Internet Requests
Access Control by URL Category
Volume Quota Calculations
Calculation of volume quotas is as follows:
•
HTTP and decrypted HTTPS traffic – The HTTP request and response body are counted toward
quota limits. The request headers and response headers will not be counted toward the limits.
quota limits. The request headers and response headers will not be counted toward the limits.
•
Tunnel traffic (including tunneled HTTPS) – AsyncOS simply shuttles the tunneled traffic from the
client to the server, and vice versa. The entire data volume of the tunnel traffic is counted toward
quota limits.
client to the server, and vice versa. The entire data volume of the tunnel traffic is counted toward
quota limits.
•
FTP – The control-connection traffic is not counted. The size of the file uploaded and downloaded
is counted toward quota limits.
is counted toward quota limits.
Note
Only client-side traffic is counted toward quota limits. Cached content also counts toward the limit, as
client-side traffic is generated even when a response is served from the cache.
client-side traffic is generated even when a response is served from the cache.
Time Quota Calculations
Calculation of time quotas is as follows:
•
HTTP and decrypted HTTPS traffic – The duration of each connection to the same URL category,
from formation to disconnect, plus one minute, is counted toward the time quota limit. If multiple
requests are made to the same URL category within one minute of each other, they are counted as
one continuous session and the one minute is added only at the end of this session (that is, after at
least one minute of “silence”).
from formation to disconnect, plus one minute, is counted toward the time quota limit. If multiple
requests are made to the same URL category within one minute of each other, they are counted as
one continuous session and the one minute is added only at the end of this session (that is, after at
least one minute of “silence”).
•
Tunnel traffic (including tunneled HTTPS) – The actual duration of the tunnel, from formation to
disconnect, counts toward quota limits. The above calculation for multiple requests applies to
tunneled traffic as well.
disconnect, counts toward quota limits. The above calculation for multiple requests applies to
tunneled traffic as well.
•
FTP – The actual duration of the FTP control session, from formation to disconnect, counts toward
quota limits. The above calculation for multiple requests applies to FTP traffic as well.
quota limits. The above calculation for multiple requests applies to FTP traffic as well.
Next Steps
•
(Optional) Navigate to Security Services > End-User Notification to configure end-user
notifications for quotas.
notifications for quotas.
Access Control by URL Category
You can identify and action web requests based on the category of website they address. The Web
Security appliance ships with many predefined URL categories by default, such as Web-based Email
and others.
Security appliance ships with many predefined URL categories by default, such as Web-based Email
and others.
Predefined categories, and the websites associated with them, are defined within filtering databases that
reside on the Web Security appliance. These databases are automatically kept up to date by Cisco. You
can also create user-defined custom URL categories, however, for hostnames and IP addresses that you
specify.
reside on the Web Security appliance. These databases are automatically kept up to date by Cisco. You
can also create user-defined custom URL categories, however, for hostnames and IP addresses that you
specify.
URL categories can be used by all policies except policies to identify requests. They can also be used by
Access, Encrypted HTTPS Management and Data Security policies to apply actions to requests.
Access, Encrypted HTTPS Management and Data Security policies to apply actions to requests.