User Guide for Cisco Email Security Appliance C160

User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
 
Chapter 16: Protecting Against Malicious or Undesirable URLs
Taking Action Based on the Reputation or Category of URLs in Messages
URL Reputation and URL Category actions do not require a separate condition. Instead, the selected 
action is applied based on the reputation or categories that you select in the URL Reputation or URL 
Category action. 
The action is applied only to URLs that meet the criteria specified in the action. Other URLs in the 
message are not modified. 
If you do not specify a category, the action you choose is applied to all messages. 
URL reputation score ranges for clean, neutral, and malicious URLs are predefined and not editable. 
However, you can specify a custom range instead. The specified endpoints are included in the range you 
specify. For example, if you create a custom range from -8 to -10, then -8 and -10 are included in the 
range. Use “No Score” for URLs for which a reputation score cannot be determined.
Note: Neutral URL reputation means that URLs are currently clean, but may turn malicious in the future,
as they are prone to attacks. For such URLs, administrators can create non-blocking policies, for
example, redirecting them to the Cisco Web Security Proxy for click-time evaluation.
The following URL-related actions are available:
• Defang a URL so that it is unclickable. Message recipients can still see and copy the URL.
• Redirect a URL so that if the message recipient clicks the link, the transaction is routed to a
  Cisco web security proxy in the cloud, which blocks access if the site is malicious.
  Example: You might want to redirect all URLs in the Uncategorized category to the Cisco Cloud
  Web Security proxy service, as malicious sites used in phishing attacks often do not exist long
  enough to be classified.
  See also
  To redirect URLs to a different proxy, see the example in the following bullet.
  Note: The Cisco Cloud Web Security proxy service has no configurable options in this release.
  For example, there is no threat score threshold to adjust or action to specify based on threat
  score.
• Replace the URL with any text.
  To include the original URL in the text that appears in the message, use the $URL variable.
  Examples:
  - Replace all URLs in the Illegal Downloads category with a note:
    Message from your system administrator: A link to an illegal downloads web site
    has been removed from this message.
  - Include the original URL along with a warning:
    WARNING! The following URL may contain malware: $URL
    This becomes: WARNING! The following URL may contain malware: http://example.com.
  - Redirect to a custom proxy or web security service:
    http://custom_proxy/$URL
    This becomes: http://custom_proxy/http://example.com
The reputation and category of URLs that are included on the selected URL whitelist or on the global 
URL whitelist are not evaluated.
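
The rules in this section (inclusive custom range, "No Score", whitelist bypass, $URL substitution, and only matching URLs being modified) can be modeled in a few lines of Python. This is an added example, not AsyncOS or Cisco code; the function names, the per-host scores, the hostname-based whitelist and the sample message are constructed assumptions.

```python
import re
from string import Template
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def in_range(score, lo, hi):
    # Both endpoints are included; accept them in either order (e.g. -8 to -10).
    return min(lo, hi) <= score <= max(lo, hi)

def replace_urls(body, scores, lo, hi, template, whitelist=frozenset(), no_score=False):
    """Return (new_body, rewritten_urls). Only URLs that meet the criteria change."""
    rewritten = []

    def rewrite(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")          # keep sentence punctuation out of the URL
        host = (urlsplit(url).hostname or "").lower()
        if host in whitelist:                # whitelisted: reputation is not evaluated
            return raw
        score = scores.get(host)             # None models "No Score"
        hit = no_score if score is None else in_range(score, lo, hi)
        if not hit:
            return raw                       # other URLs in the message are not modified
        rewritten.append(url)
        # $URL in the replacement text expands to the original URL.
        return Template(template).safe_substitute(URL=url) + raw[len(url):]

    return URL_RE.sub(rewrite, body), rewritten

# Constructed sample data: hosts, scores and message text are made up.
SCORES = {"bad.example": -8.0, "partner.example": -9.1, "docs.example": 6.2}
WHITELIST = frozenset({"partner.example"})
BODY = ("Pay at http://bad.example/pay. Partner portal: http://partner.example/login "
        "Docs: https://docs.example/guide New site: http://new.example/x")

if __name__ == "__main__":
    warn = "WARNING! The following URL may contain malware: $URL"
    out, hits = replace_urls(BODY, SCORES, -8, -10, warn, WHITELIST)
    print(out, hits, sep="\n")
    # Same range, but also act on URLs with no score, using the custom-proxy form.
    out, hits = replace_urls(BODY, SCORES, -8, -10, "http://custom_proxy/$URL",
                             WHITELIST, no_score=True)
    print(out, hits, sep="\n")
```

The custom-proxy template inserts the original URL verbatim, as in the http://custom_proxy/http://example.com result above, so the service behind custom_proxy must accept an unencoded URL in its path.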