Руководство Пользователя для Cisco Cisco Web Security Appliance S170
U S E R E X P E R I E N C E W I T H B L O C K E D R E Q U E S T S
C H A P T E R 1 1 : D A T A S E C U R I T Y A N D E X T E R N A L D L P P O L I C I E S
215
consist of relatively small POST requests that are harmless, but can take up many lines in the
log files. This creates a lot of “noise” in the logs that can make it difficult to find and
troubleshoot the true data security violations, such as users uploading company files using
their personal email account.
log files. This creates a lot of “noise” in the logs that can make it difficult to find and
troubleshoot the true data security violations, such as users uploading company files using
their personal email account.
To help reduce the number of upload requests recorded in the log files, you can define a
minimum request body size, below which upload requests are not scanned by the IronPort
Data Security Filters or the external DLP server.
minimum request body size, below which upload requests are not scanned by the IronPort
Data Security Filters or the external DLP server.
To do this, use the following CLI commands:
•
datasecurityconfig.
Applies to the IronPort Data Security Filters.
•
externaldlpconfig.
Applies to the configured external DLP servers.
The default minimum request body size is 4 KB (4096 bytes) for both CLI commands. Valid
values are 1 to 64 KB. The size you specify applies to the entire size of the upload request
body.
values are 1 to 64 KB. The size you specify applies to the entire size of the upload request
body.
Note — All chunk encoded uploads and all native FTP transactions are scanned by the
IronPort Data Security Filters or external DLP servers when enabled. However, they can still
be bypassed based on a custom URL category. For more information, see Figure 11-3 on page
226.
IronPort Data Security Filters or external DLP servers when enabled. However, they can still
be bypassed based on a custom URL category. For more information, see Figure 11-3 on page
226.
User Experience with Blocked Requests
When the IronPort Data Security Filters or an external DLP server blocks an upload request, it
provides a block page that the Web Proxy sends to the end user. However, not all websites
display the block page to the end user. For example, some Web 2.0 websites display dynamic
content using javascript instead of a static webpage and are not likely to display the block
page. Users are still properly blocked from performing data security violations, but they may
not always be informed of this by the website.
provides a block page that the Web Proxy sends to the end user. However, not all websites
display the block page to the end user. For example, some Web 2.0 websites display dynamic
content using javascript instead of a static webpage and are not likely to display the block
page. Users are still properly blocked from performing data security violations, but they may
not always be informed of this by the website.