Руководство Пользователя для Cisco Cisco Web Security Appliance S170
18-21
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 18 URL Filters
Redirecting Traffic
•
BLOCK_CONTINUE_CONTENT_UNSAFE
For more information on the ACL decision tags, see
Redirecting Traffic
In addition to using the Web Security appliance to monitor and block traffic to certain websites, you can
also use it to redirect users to a different website. You can configure the appliance to redirect traffic
originally destined for a URL in a custom URL category to a location you specify. This allows you to
redirect traffic at the appliance instead of at the destination server.
also use it to redirect users to a different website. You can configure the appliance to redirect traffic
originally destined for a URL in a custom URL category to a location you specify. This allows you to
redirect traffic at the appliance instead of at the destination server.
You might want to redirect traffic at the appliance if your organization published the links to an internal
site, but the location of the site changed since publication, or if you do not have control over the web
server.
site, but the location of the site changed since publication, or if you do not have control over the web
server.
Configure the appliance to redirect custom URL categories to another location when you configure the
URL categories for an Access Policy group. You can redirect traffic for a custom Access Policy group
or the Global Policy Group.
URL categories for an Access Policy group. You can redirect traffic for a custom Access Policy group
or the Global Policy Group.
To redirect traffic, you must define at least one custom URL category. For more information about
creating custom URL categories, see
creating custom URL categories, see
Note
Beware of infinite loops when you configure the appliance to redirect traffic. For example, if you redirect
traffic destined for http://A.example.com to http://B.example.com and you also inadvertently redirect
traffic destined for http://B.example.com to http://A.example.com, then you create an infinite loop. In
this case, the appliance redirects the traffic back and forth between the two URLs indefinitely.
traffic destined for http://A.example.com to http://B.example.com and you also inadvertently redirect
traffic destined for http://B.example.com to http://A.example.com, then you create an infinite loop. In
this case, the appliance redirects the traffic back and forth between the two URLs indefinitely.
Logging and Reporting
When you redirect traffic, the access log entry for the originally requested website has an ACL tag that
starts with REDIRECT_CUSTOMCAT. Later in the access log (typically the next line) appears the entry
for the website to which the user was redirected.
starts with REDIRECT_CUSTOMCAT. Later in the access log (typically the next line) appears the entry
for the website to which the user was redirected.
The reports displayed on the Reporting tab display redirected transactions as “Allowed.”
Redirecting Traffic in the Access Policies
To redirect traffic:
Step 1
Navigate to the Web Security Manager > Access Policies page.
Step 2
Click the link under the URL Categories column for an Access Policy group or the Global Policy Group.
The Access Policies: URL Filtering: policyname page appears.
Step 3
In the Custom URL Category Filtering section, click Select Custom Categories.
Step 4
In the Select Custom Categories for this Policy dialog box, choose “Include in policy” for the custom
URL category you want to redirect.
URL category you want to redirect.
Step 5
Click Apply.
Step 6
Click the Redirect column for the custom category you want to redirect.