Cisco Cisco Web Security Appliance S170 사용자 가이드
11-20
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 11 Processing HTTPS Traffic
Controlling HTTPS Traffic
Therefore, for explicit HTTPS transactions, it is possible to match a routing policy based on URL or port
number.
number.
Controlling HTTPS Traffic
After the Web Security appliance assigns an HTTPS connection request to a Decryption Policy group,
the connection request inherits the control settings of that policy group. The control settings of the
Decryption Policy group determine whether the appliance decrypts, drops, or passes through the
connection. For more information about the actions the appliance can take on an HTTPS request, see
the connection request inherits the control settings of that policy group. The control settings of the
Decryption Policy group determine whether the appliance decrypts, drops, or passes through the
connection. For more information about the actions the appliance can take on an HTTPS request, see
.
Configure control settings for Decryption Policy groups on the Web Security Manager > Decryption
Policies page.
Policies page.
shows where you can configure control settings for the Decryption Policy groups.
Figure 11-4
Decryption Policies Table
You can configure the following settings to determine what action to take on the HTTPS connection:
•
URL categories. You can configure the action to take on HTTPS requests for each predefined and
custom URL category. Click the link under the URL Categories column for the policy group you
want to configure. For more information about working with URL filters, see
custom URL category. Click the link under the URL Categories column for the policy group you
want to configure. For more information about working with URL filters, see
. For more information about configuring URL categories, see
Note
If you want to block (with end-user notification) a particular URL category for HTTPS requests
instead of drop (with no end-user notification), choose to decrypt that URL category in the
Decryption Policy group and then choose to block the same URL category in the Access Policy
group.
instead of drop (with no end-user notification), choose to decrypt that URL category in the
Decryption Policy group and then choose to block the same URL category in the Access Policy
group.
•
Web reputation. You can configure the action to take on HTTPS requests based on the web
reputation score of the requested server. Click the link under the Web Reputation column for the
policy group you want to configure. For more information about working with web reputation
scores, see
reputation score of the requested server. Click the link under the Web Reputation column for the
policy group you want to configure. For more information about working with web reputation
scores, see
.
•
Default action. You can configure the action the appliance should take when none of the other
settings apply. Click the link under the Default Action column for the policy group you want to
configure.
settings apply. Click the link under the Default Action column for the policy group you want to
configure.