Cisco Cisco Web Security Appliance S170 사용자 가이드

C H A P T E R

10-1

Cisco IronPort AsyncOS 7.5.7 for Web User Guide

Access Policies

This chapter contains the following information:

•

Access Policies Overview, page 10-1

•

Evaluating Access Policy Group Membership, page 10-3

•

Creating Access Policies, page 10-4

•

Controlling HTTP and Native FTP Traffic, page 10-7

•

Blocking Specific Applications and Protocols, page 10-12

Access Policies Overview

AsyncOS for Web uses multiple web security features in conjunction with its Web Proxy and DVS
engine to control web traffic, protect networks from web-based threats, and enforce organization
acceptable use policies. You can define policies that determine which HTTP connections are allowed and
blocked.

To configure the appliance to handle HTTP requests, perform the following tasks:

Step 1

Enable the Web Proxy. To allow or block HTTP traffic, you must first enable the Web Proxy. Usually,
the Web Proxy is enabled during the initial setup using the System Setup Wizard. For more information,
see

Configuring the Web Proxy, page 6-2

Step 2

Create and configure Access Policy groups. After the Web Proxy is enabled, you create and configure
Access Policy groups to determine how to handle each request from each user. For more information,
see

Access Policy Groups, page 10-1

Access Policy Groups

Access Policies define how the Web Proxy handles HTTP and FTP requests and decrypted HTTPS
connections for network users. You can apply different actions to specified groups of users. You can also
specify which ports the Web Proxy monitors for HTTP transactions.

Note

HTTP PUT and POST requests are handled by Outbound Malware Scanning, Cisco IronPort Data
Security, and External DLP Policies. For more information, see

Data Security and External DLP Policies

Overview, page 14-1

and

Outbound Malware Scanning, page 13-1