Cisco Cisco Web Security Appliance S170 사용자 가이드
236
I R O N P O R T A S Y N C O S 6 . 5 F O R W E B U S E R G U I D E
WO R K I N G W I T H D A T A S E C U R I T Y A N D E X T E R N A L D L P PO L I C I E S
IronPort Data Security Policies and External DLP Policies define how the Web Proxy handles
HTTP requests and decrypted HTTPS connections for transactions that upload data to a server
(upload requests). However, IronPort Data Security Policies use logic defined on the Web
Security appliance and External DLP Policies use logic defined on the DLP system. An upload
request is an HTTP or decrypted HTTPS request that has content in the request body.
HTTP requests and decrypted HTTPS connections for transactions that upload data to a server
(upload requests). However, IronPort Data Security Policies use logic defined on the Web
Security appliance and External DLP Policies use logic defined on the DLP system. An upload
request is an HTTP or decrypted HTTPS request that has content in the request body.
When the Web Proxy receives an upload request, it compares the request to the Data Security
and External DLP Policy groups to determine which policy group to apply. If both types of
policies are configured, it compares the request to IronPort Data Security Policies before
external DLP Policies. After it assigns the request to a policy group, it compares the request to
the policy group’s configured control settings to determine what to do with the request.
and External DLP Policy groups to determine which policy group to apply. If both types of
policies are configured, it compares the request to IronPort Data Security Policies before
external DLP Policies. After it assigns the request to a policy group, it compares the request to
the policy group’s configured control settings to determine what to do with the request.
How you configure the appliance to handle upload requests depends on the policy group
type. For more information, see “Data Security Policy Groups” on page 236 and “External
DLP Policy Groups” on page 237.
type. For more information, see “Data Security Policy Groups” on page 236 and “External
DLP Policy Groups” on page 237.
Note — Upload requests that try to upload files with a size of zero (0) bytes are not evaluated
against IronPort Data Security or External DLP Policies.
against IronPort Data Security or External DLP Policies.
Data Security Policy Groups
To configure the Web Security appliance to handle upload requests on the appliance itself,
perform the following tasks:
perform the following tasks:
1. Enable the IronPort Data Security Filters. To scan upload requests on the appliance, you
must first enable the IronPort Data Security Filters. Usually, the IronPort Data Security
Filters feature is enabled during the initial setup using the System Setup Wizard.
Otherwise, go to the Security Services > Data Security Filters page to enable it.
Filters feature is enabled during the initial setup using the System Setup Wizard.
Otherwise, go to the Security Services > Data Security Filters page to enable it.
2. Create and configure Data Security Policy groups. After the IronPort Data Security Filters
feature is enabled, you create and configure Data Security Policy groups to determine
how to handle upload requests from each user.
how to handle upload requests from each user.
IronPort Data Security Policies use URL filtering, web reputation, and upload content
information when evaluating the upload request. You configure each of these security
components to determine whether or not to block the upload request. For more information
about the security components that you can configure and how the Web Proxy uses Data
Security Policy groups to control upload requests, see “Controlling Upload Requests Using
IronPort Data Security Policies” on page 245.
information when evaluating the upload request. You configure each of these security
components to determine whether or not to block the upload request. For more information
about the security components that you can configure and how the Web Proxy uses Data
Security Policy groups to control upload requests, see “Controlling Upload Requests Using
IronPort Data Security Policies” on page 245.
When the Web Proxy compares an upload request to the control settings, it evaluates the
settings in order. Each control setting can be configured to perform one of the following
actions for IronPort Data Security Policies:
settings in order. Each control setting can be configured to perform one of the following
actions for IronPort Data Security Policies:
• Block. The Web Proxy does not permit the connection and instead displays an end user
notification page explaining the reason for the block.