Cisco Cisco Web Security Appliance S170 사용자 가이드

H O W W E B R E P U T A T I O N F I L T E R I N G W O R K S

C H A P T E R 1 5 : W E B R E P U T A T I O N F I L T E R S

333

H O W WE B R E P U T A T I O N F I L T E R I N G WO R K S

Web Reputation Scores are associated with an action to take on a URL request. The available
actions depend on the policy group type that is assigned to the URL request:

• Access Policies. You can choose to block, scan, or allow.

• Decryption Policies. You can choose to drop, decrypt, or pass through.

You can configure each policy group to correlate an action to a particular Web Reputation
Score.

Web Reputation in Access Policies

Table 15-1 describes the default Web Reputation Scores for Access Policies.

For example, by default, URLs in an HTTP request that are assigned a Web Reputation Score
of +7 are allowed and require no further scanning. However, a weaker score for an HTTP
request, such as +3, is automatically forwarded to the IronPort DVS engine where it is
scanned for malware. Any URL in an HTTP request that has a very poor reputation is blocked.

Table 15-1 Default Web Reputation Scores for Access Policies

Score

Action

Description

Example

-10 to -6.0

Block

Bad site. The request is blocked,
and no further malware scanning
occurs.

• URL downloads information without

user permission.

• Sudden spike in URL volume.
• URL is a typo of a popular domain.

-5.9 to 5.9

Scan

Undetermined site. Request is
passed to the DVS engine for
further malware scanning. The
DVS engine scans the request
and server response content.

• Recently created URL that has a dynamic

IP address and contains downloadable
content.

• Network owner IP address that has a

positive Web Reputation Score.

6.0 to 10.0

Allow

Good site. Request is allowed.
No malware scanning required.

• URL contains no downloadable content.
• Reputable, high-volume domain with

long history.

• Domain present on several allow lists.
• No links to URLs with poor reputations.