Cisco Cisco Web Security Appliance S170 사용자 가이드
U N C A T E G O R I Z E D U R L S
C H A P T E R 1 4 : U R L F I L T E R S
289
Enable the Dynamic Content Analysis engine when you enable Cisco IronPort Web Usage
Controls on the Security Services > Acceptable Use Controls page.
Controls on the Security Services > Acceptable Use Controls page.
After the Dynamic Content Analysis engine categorizes a URL, it stores the category verdict
and URL in a temporary cache. This allows future transactions to benefit from the earlier
response scan and be categorized at request time instead of at response time, and it improves
overall performance.
and URL in a temporary cache. This allows future transactions to benefit from the earlier
response scan and be categorized at request time instead of at response time, and it improves
overall performance.
The Dynamic Content Analysis engine categorizes URLs when controlling access to websites
in Access Policies only. It does not categorize URLs when determining policy group
membership or when controlling access to websites using Decryption or IronPort Data
Security Policies. This is because the engine works by analyzing the response content from
the destination server, so it cannot be used on decisions that must be made at request time
before any response is downloaded from the server.
in Access Policies only. It does not categorize URLs when determining policy group
membership or when controlling access to websites using Decryption or IronPort Data
Security Policies. This is because the engine works by analyzing the response content from
the destination server, so it cannot be used on decisions that must be made at request time
before any response is downloaded from the server.
Enabling the Dynamic Content Analysis engine can impact transaction performance.
However, most transactions are categorized using the Cisco IronPort Web Usage Controls
URL categories database, so the Dynamic Content Analysis engine is usually only called for a
small percentage of transactions.
However, most transactions are categorized using the Cisco IronPort Web Usage Controls
URL categories database, so the Dynamic Content Analysis engine is usually only called for a
small percentage of transactions.
Note — It is possible for an Access Policy, or an Identity used in an Access Policy, to define
policy membership by a predefined URL category and for the Access Policy to perform an
action on the same URL category. In this case, it is also possible for the URL in the request to
be uncategorized when determining Identity and Access Policy group membership, but to be
categorized by the Dynamic Content Analysis engine after receiving the server response. In
this scenario, Cisco IronPort Web Usage Controls ignores the category verdict from the
Dynamic Content Analysis engine and the URL retains the “uncategorized” verdict for the
remainder of the transaction. However, future transactions still benefit from the new category
verdict.
policy membership by a predefined URL category and for the Access Policy to perform an
action on the same URL category. In this case, it is also possible for the URL in the request to
be uncategorized when determining Identity and Access Policy group membership, but to be
categorized by the Dynamic Content Analysis engine after receiving the server response. In
this scenario, Cisco IronPort Web Usage Controls ignores the category verdict from the
Dynamic Content Analysis engine and the URL retains the “uncategorized” verdict for the
remainder of the transaction. However, future transactions still benefit from the new category
verdict.
Uncategorized URLs
An uncategorized URL is a URL that does not match any pre-defined URL category or
included
included
custom URL category.
Note — When determining policy group membership, a custom URL category is considered
included only when it is selected for policy group membership.
included only when it is selected for policy group membership.
All transactions resulting in unmatched categories are reported on the Monitor > URL
Categories page as “Uncategorized URLs.” A large number of uncategorized URLs are
generated from requests to web sites within the internal network. Because this type of internal
transaction can falsely inflate reporting data and misrepresent the efficacy of the URL filtering
engine, IronPort recommends using custom URL categories to group internal URLs and allow
all requests to internal web sites. This decreases the number of web transactions reported as
“Uncategorized URLs” and instead reports internal transactions as part of “URL Filtering
Bypassed” statistics.
Categories page as “Uncategorized URLs.” A large number of uncategorized URLs are
generated from requests to web sites within the internal network. Because this type of internal
transaction can falsely inflate reporting data and misrepresent the efficacy of the URL filtering
engine, IronPort recommends using custom URL categories to group internal URLs and allow
all requests to internal web sites. This decreases the number of web transactions reported as
“Uncategorized URLs” and instead reports internal transactions as part of “URL Filtering
Bypassed” statistics.
For more information, see “Understanding Unfiltered and Uncategorized Data” on page 309.