Cisco Web Security Appliance S390 User Guide

Chapter 9: Working with External Proxies

Evaluating Routing Policy Group Membership
After the Web Proxy assigns an Identity to a client request, it evaluates the request against the 
other policy types to determine which policy group it belongs to for each type. Any request that 
is not terminated due to failed authentication is evaluated against the Routing 
Policies to determine from where to fetch the data.
Once the Web Proxy assigns a Routing Policy group to a request, it fetches the content from 
the location configured for the policy group, either from a configured proxy group or directly 
from the server.
To determine the policy group that a client request matches, the Web Proxy follows a very 
specific process for matching the group membership criteria. During this process, it considers 
the following factors for group membership:
• Identity. Each client request either matches an Identity, fails authentication and is granted 
guest access, or fails authentication and gets terminated. For more information about 
evaluating Identity group membership, see “Evaluating Identity Group Membership” on 
page 127.
• Authorized users. If the assigned Identity requires authentication, the user must be in the 
list of authorized users in the Routing Policy group to match the policy group.
• Advanced options. You can configure several advanced options for Routing Policy group 
membership. Some of the options (such as proxy port and URL category) can also be 
defined within the Identity. When an advanced option is configured in the Identity, it is 
not configurable at the Routing Policy group level.
The information in this section gives an overview of how the appliance matches client 
requests to Routing Policy groups. For more details about exactly how the appliance matches 
client requests, see “Matching Client Requests to Routing Policy Groups” on page 173.
The Web Proxy sequentially reads through each policy group in the policies table. It 
compares the client request status to the membership criteria of the first policy group. If they 
match, the Web Proxy applies the policy settings of that policy group.
If they do not match, the Web Proxy compares the client request to the next policy group. It 
continues this process until it matches the client request to a user-defined policy group or, if it 
does not match a user-defined policy group, to the global policy group. When the 
Web Proxy matches the client request to a policy group or the global policy group, it applies 
the policy settings of that policy group.
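The first-match evaluation described above can be modeled in a few lines of Python. This is an added illustration, not Cisco's code or the appliance's configuration format; the class and field names, the group names and the sample policies table are constructed assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Request:                               # hypothetical model of a client request
    identity: Optional[str]                  # None: failed authentication, terminated
    identity_requires_auth: bool = False
    user: Optional[str] = None
    proxy_port: Optional[int] = None
    url_category: Optional[str] = None

@dataclass(frozen=True)
class RoutingGroup:                          # hypothetical model of one table row
    name: str
    destination: str                         # a proxy group name, or "direct"
    identities: FrozenSet[str]
    authorized_users: Optional[FrozenSet[str]] = None  # None: no user restriction
    proxy_ports: Optional[FrozenSet[int]] = None       # None: option not configured
    url_categories: Optional[FrozenSet[str]] = None

    def matches(self, req: Request) -> bool:
        if req.identity not in self.identities:
            return False
        # Authorized users are checked only if the Identity requires authentication.
        if (req.identity_requires_auth and self.authorized_users is not None
                and req.user not in self.authorized_users):
            return False
        if self.proxy_ports is not None and req.proxy_port not in self.proxy_ports:
            return False
        if self.url_categories is not None and req.url_category not in self.url_categories:
            return False
        return True

GLOBAL = RoutingGroup("Global Routing Policy", "direct", frozenset())

def evaluate(req: Request, table: List[RoutingGroup]) -> Optional[RoutingGroup]:
    """Return the first matching group in table order, else the global group."""
    if req.identity is None:                 # terminated requests are never routed
        return None
    for group in table:                      # sequential read: the first match wins
        if group.matches(req):
            return group
    return GLOBAL

# Constructed sample policies table: a narrow group placed above a broad one.
TABLE = [
    RoutingGroup("Finance-Upstream", "proxy-group-a", frozenset({"Corp"}),
                 authorized_users=frozenset({"alice"})),
    RoutingGroup("Corp-Default", "proxy-group-b", frozenset({"Corp"})),
]
```

Reversing the two constructed groups sends alice to Corp-Default, because the broader group is read first and evaluation stops at the first match.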
Matching Client Requests to Routing Policy Groups
Figure 9-2 on page 174 shows how the Web Proxy evaluates a client request against the 
Routing Policy groups.