Cisco Cisco Web Security Appliance S170 사용자 가이드
12-2
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 12 Outbound Malware Scanning
Evaluating Outbound Malware Scanning Policy Group Membership
Outbound Malware Scanning Policy Groups
Outbound Malware Scanning Policies define whether or not the Web Proxy blocks HTTP requests and
decrypted HTTPS connections for transactions that upload data to a server (upload requests). An upload
request is an HTTP or decrypted HTTPS request that has content in the request body.
decrypted HTTPS connections for transactions that upload data to a server (upload requests). An upload
request is an HTTP or decrypted HTTPS request that has content in the request body.
When the Web Proxy receives an upload request, it compares the request to the Outbound Malware
Scanning policy groups to determine which policy group to apply. After it assigns the request to a policy
group, it compares the request to the policy group’s configured control settings to determine whether to
block the request or monitor the request. When an Outbound Malware Scanning Policy determines to
monitor a request, it is evaluated against the Access Policies, and the final action the Web Proxy takes
on the request is determined by the applicable Access Policy.
Scanning policy groups to determine which policy group to apply. After it assigns the request to a policy
group, it compares the request to the policy group’s configured control settings to determine whether to
block the request or monitor the request. When an Outbound Malware Scanning Policy determines to
monitor a request, it is evaluated against the Access Policies, and the final action the Web Proxy takes
on the request is determined by the applicable Access Policy.
For more information on configuring Outbound Malware Scanning Policies to block requests based on
outbound malware, see
outbound malware, see
.
Note
Upload requests that try to upload files with a size of zero (0) bytes are not evaluated against Outbound
Malware Scanning Policies.
Malware Scanning Policies.
Evaluating Outbound Malware Scanning Policy Group
Membership
Membership
Each client request is assigned to an Identity and is then evaluated against the other policy types to
determine to which policy group it belongs for each type. The Web Proxy evaluates upload requests
against the Outbound Malware Scanning Policies.
determine to which policy group it belongs for each type. The Web Proxy evaluates upload requests
against the Outbound Malware Scanning Policies.
The Web Proxy applies the configured policy control settings to a client request based on the client
request’s policy group membership.
request’s policy group membership.
To determine the policy group that a client request matches, the Web Proxy follows a specific process
for matching the group membership criteria. During this process, it considers the following factors for
group membership:
for matching the group membership criteria. During this process, it considers the following factors for
group membership:
•
Identity. Each client request either matches an Identity, fails authentication and is granted guest
access, or fails authentication and is terminated. For more information about evaluating Identity
group membership, see
access, or fails authentication and is terminated. For more information about evaluating Identity
group membership, see
•
Authorized users. If the assigned Identity requires authentication, the user must be in the list of
authorized users in the Outbound Malware Scanning Policy group to match the policy group. The
list of authorized users can be any of the specified groups or users or can be guest users if the Identity
allows guest access.
authorized users in the Outbound Malware Scanning Policy group to match the policy group. The
list of authorized users can be any of the specified groups or users or can be guest users if the Identity
allows guest access.
•
Advanced options. You can configure several advanced options for Outbound Malware Scanning
Policy group membership. Some options, such as proxy port and URL category, can also be defined
within the Identity. When an advanced option is configured in the Identity, it is not configurable in
the Outbound Malware Scanning Policy group level.
Policy group membership. Some options, such as proxy port and URL category, can also be defined
within the Identity. When an advanced option is configured in the Identity, it is not configurable in
the Outbound Malware Scanning Policy group level.
The information in this section gives an overview of how the Web Proxy matches upload requests to
Outbound Malware Scanning Policy groups. For more details about exactly how the Web Proxy matches
client requests, see
Outbound Malware Scanning Policy groups. For more details about exactly how the Web Proxy matches
client requests, see
.