Cisco Cisco Web Security Appliance S170 사용자 가이드
A P P L I C A T I O N S
C H A P T E R 9 : A C C E S S P O L I C I E S
179
Figure 9-3 on page 178 shows two different decision points that involve the web reputation
score of the destination server. The web reputation score of the server is evaluated only once,
but the result is applied at two different points in the decision flow.
score of the destination server. The web reputation score of the server is evaluated only once,
but the result is applied at two different points in the decision flow.
Applications
You can use the Applications settings on the Access Policies > Applications page to control
policy group access to protocols and configure blocking for Internet applications (also known
as user agents), such as instant messenging clients, web browsers, and Internet phone
services. You can also configure the appliance to tunnel HTTP CONNECT requests on
specific ports. With tunneling enabled, the appliance passes HTTP traffic through specified
ports without evaluating it.
policy group access to protocols and configure blocking for Internet applications (also known
as user agents), such as instant messenging clients, web browsers, and Internet phone
services. You can also configure the appliance to tunnel HTTP CONNECT requests on
specific ports. With tunneling enabled, the appliance passes HTTP traffic through specified
ports without evaluating it.
For more information about blocking user agents, see “Blocking Specific Applications and
Protocols” on page 182.
Protocols” on page 182.
Figure 9-4 Custom Settings for Controlling Applications
Note — When the HTTPS Proxy is enabled, you can only use Decryption Policies to control
access to HTTPS transactions. You cannot configure Access Policies on this page to block
HTTPS connections.
access to HTTPS transactions. You cannot configure Access Policies on this page to block
HTTPS connections.
URL Categories
AsyncOS for Web allows you to configure how the appliance handles a transaction based on
the URL category of a particular HTTP or HTTPS request. Using a predefined category list,
you can choose to monitor or block content by category. You can also create custom URL
categories and choose to allow, monitor, block, or redirect traffic for a website in the custom
the URL category of a particular HTTP or HTTPS request. Using a predefined category list,
you can choose to monitor or block content by category. You can also create custom URL
categories and choose to allow, monitor, block, or redirect traffic for a website in the custom