Cisco Cisco Web Security Appliance S160 Guia Do Utilizador
12-3
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 12 Data Security and External DLP Policies
Data Security and External DLP Policies Overview
Bypassing Upload Requests Below a Minimum Size
Many websites are interactive, meaning users send data as well as receive data.
Users might send data when logging into a website or sending simple form data.
A lot of web traffic can consist of relatively small POST requests that are
harmless, but can take up many lines in the log files. This creates a lot of “noise”
in the logs that can make it difficult to find and troubleshoot the true data security
violations, such as users uploading company files using their personal email
account.
Users might send data when logging into a website or sending simple form data.
A lot of web traffic can consist of relatively small POST requests that are
harmless, but can take up many lines in the log files. This creates a lot of “noise”
in the logs that can make it difficult to find and troubleshoot the true data security
violations, such as users uploading company files using their personal email
account.
To help reduce the number of upload requests recorded in the log files, you can
define a minimum request body size, below which upload requests are not scanned
by the IronPort Data Security Filters or the external DLP server.
define a minimum request body size, below which upload requests are not scanned
by the IronPort Data Security Filters or the external DLP server.
To do this, use the following CLI commands:
•
datasecurityconfig.
Applies to the IronPort Data Security Filters.
•
externaldlpconfig.
Applies to the configured external DLP servers.
The default minimum request body size is 4 KB (4096 bytes) for both CLI
commands. Valid values are 1 to 64 KB. The size you specify applies to the entire
size of the upload request body.
commands. Valid values are 1 to 64 KB. The size you specify applies to the entire
size of the upload request body.
Note
All chunk encoded uploads and all native FTP transactions are scanned by the
IronPort Data Security Filters or external DLP servers when enabled. However,
they can still be bypassed based on a custom URL category. For more information,
see
IronPort Data Security Filters or external DLP servers when enabled. However,
they can still be bypassed based on a custom URL category. For more information,
see
User Experience with Blocked Requests
When the IronPort Data Security Filters or an external DLP server blocks an
upload request, it provides a block page that the Web Proxy sends to the end user.
However, not all websites display the block page to the end user. For example,
some Web 2.0 websites display dynamic content using javascript instead of a
static webpage and are not likely to display the block page. Users are still properly
blocked from performing data security violations, but they may not always be
informed of this by the website.
upload request, it provides a block page that the Web Proxy sends to the end user.
However, not all websites display the block page to the end user. For example,
some Web 2.0 websites display dynamic content using javascript instead of a
static webpage and are not likely to display the block page. Users are still properly
blocked from performing data security violations, but they may not always be
informed of this by the website.