Cisco Cisco Web Security Appliance S170 사용자 가이드
16-13
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 16 URL Filters
Filtering Transactions Using URL Categories
Note
If you want to block a particular URL category for HTTPS requests,
choose to decrypt that URL category in the Decryption Policy group and
then choose to block the same URL category in the Access Policy group.
choose to decrypt that URL category in the Decryption Policy group and
then choose to block the same URL category in the Access Policy group.
Step 5
In the Uncategorized URLs section, choose the action to take for client requests
to web sites that do not fall into a predefined or custom URL category. You can
choose any action listed in
to web sites that do not fall into a predefined or custom URL category. You can
choose any action listed in
.
Step 6
Submit and commit your changes.
Configuring URL Filters for Data Security Policy Groups
You can configure URL filtering for user defined Data Security Policy groups and
the Global Policy Group.
the Global Policy Group.
To configure URL filtering in a Data Security Policy group:
Step 1
Navigate to the Web Security Manager > IronPort Data Security page.
Decrypt
Allows the connection, but inspects the traffic content. The
appliance decrypts the traffic and applies Access Policies to
the decrypted traffic as if it were a plaintext HTTP
connection. By decrypting the connection and applying
Access Policies, you can scan the traffic for malware. You
might want to decrypt connections to third party email
providers, such as gmail or hotmail.
appliance decrypts the traffic and applies Access Policies to
the decrypted traffic as if it were a plaintext HTTP
connection. By decrypting the connection and applying
Access Policies, you can scan the traffic for malware. You
might want to decrypt connections to third party email
providers, such as gmail or hotmail.
For more information about how the appliance decrypts
HTTPS traffic, see
HTTPS traffic, see
.
Drop
Drops the connection and does not pass the connection
request to the server. The appliance does not notify the user
that it dropped the connection. You might want to drop
connections to third party proxies that allow users on the
network bypass the organization’s acceptable use policies.
request to the server. The appliance does not notify the user
that it dropped the connection. You might want to drop
connections to third party proxies that allow users on the
network bypass the organization’s acceptable use policies.
Action
Description