Cisco Web Security Appliance S370 User Guide

AsyncOS 9.2 for Cisco Web Security Appliances User Guide
 
Chapter 7: Create Decryption Policies to Control HTTPS Traffic
Managing HTTPS Traffic through Decryption Policies Task Overview

| Step | Task List for Managing HTTPS Traffic through Decryption Policies | Links to Related Topics and Procedures |
|------|------|------|
| 1 | Enabling the HTTPS proxy | |
| 2 | Upload or Generate a certificate and key | |
| 3 | Configuring Decryption options | |
| 5 | (Optional) Configure invalid certificate handling | |
| 6 | (Optional) Enabling real-time revocation status checking | |
| 7 | (Optional) Manage trusted and blocked certificates | |

Managing HTTPS Traffic through Decryption Policies Best Practices

Create fewer, more general Decryption Policy groups that apply to all users or fewer, larger groups of users on the network. Then, if you need to apply more granular control to decrypted HTTPS traffic, use more specific Access Policy groups.

Decryption Policies

The appliance can perform any of the following actions on an HTTPS connection request:

| Option | Description |
|------|------|
| Monitor | Monitor is an intermediary action that indicates the Web Proxy should continue evaluating the transaction against the other control settings to determine which final action to ultimately apply. |
| Drop | The appliance drops the connection and does not pass the connection request to the server. The appliance does not notify the user that it dropped the connection. |
| Decrypt | The appliance allows the connection, but inspects the traffic content. It decrypts the traffic and applies Access Policies to the decrypted traffic as if it were a plaintext HTTP connection. By decrypting the connection and applying Access Policies, you can scan the traffic for malware. |

All actions except Monitor are final actions the Web Proxy applies to a transaction. A final action is an action that causes the Web Proxy to stop evaluating the transaction against other control settings. For example, if a Decryption Policy is configured to monitor invalid server certificates, the Web Proxy makes no final decision on how to handle the HTTPS transaction if the server has an invalid certificate. If a Decryption Policy is configured to block servers with a low Web reputation score, then any request to a server with a low reputation score is dropped without considering the URL category actions.
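The rule that every action except Monitor is final can be modelled in a few lines. This is an added illustration, not Cisco code: the control names, their evaluation order, the request fields and the reputation threshold are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass
class Control:
    name: str                        # hypothetical label for a control setting
    matches: Callable[[dict], bool]  # does this setting apply to the request?
    action: str                      # "Monitor", "Drop" or "Decrypt"


def evaluate(request: dict, controls: list) -> tuple:
    """Return (final_action, trace). final_action is None when every matching
    control was set to Monitor, i.e. no final decision was reached."""
    trace = []
    for control in controls:
        if not control.matches(request):
            continue
        trace.append((control.name, control.action))
        if control.action != "Monitor":   # any non-Monitor action is final
            return control.action, trace  # stop: later controls are skipped
    return None, trace


# Constructed policy; the order and the threshold are assumptions.
POLICY = [
    Control("invalid_certificate", lambda r: not r["cert_valid"], "Monitor"),
    Control("low_reputation", lambda r: r["reputation"] < -6.0, "Drop"),
    Control("url_category", lambda r: r["category"] == "webmail", "Decrypt"),
]

# Constructed requests covering the two cases the text describes.
REQUESTS = {
    "bad_cert_webmail": {"cert_valid": False, "reputation": 2.0, "category": "webmail"},
    "low_rep_webmail": {"cert_valid": True, "reputation": -8.5, "category": "webmail"},
    "bad_cert_other": {"cert_valid": False, "reputation": 2.0, "category": "news"},
}

if __name__ == "__main__":
    for label, req in REQUESTS.items():
        action, trace = evaluate(req, POLICY)
        print(f"{label}: final={action} trace={trace}")
```

The trace for the low-reputation request never reaches the URL category control, while the invalid-certificate request passes through its Monitor setting and is decided by a later control.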