Руководство Пользователя для Cisco Cisco Web Security Appliance S170
17-7
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Chapter 17 Notify End-Users of Proxy Actions
End-User Notification Pages
Off-Box End-User Notification Pages
The Web Proxy can be configured to redirect all HTTP end-user notification pages to a specific URL
that you specify.
that you specify.
Displaying the Correct Off-Box Page Based on the Reason for Blocking Access
By default, AsyncOS redirects all blocked websites to the URL regardless of the reason why it blocked
the original page. However, AsyncOS also passes parameters as a query string appended to the redirect
URL so you can ensure that the user sees a unique page explaining the reason for the block. For more
information on the included parameters, see
the original page. However, AsyncOS also passes parameters as a query string appended to the redirect
URL so you can ensure that the user sees a unique page explaining the reason for the block. For more
information on the included parameters, see
.
When you want the user to view a different page for each reason for a blocked website, construct a CGI
script on the web server that can parse the query string in the redirect URL. Then the server can perform
a second redirect to an appropriate page.
script on the web server that can parse the query string in the redirect URL. Then the server can perform
a second redirect to an appropriate page.
URL Criteria for Off-Box Notification Pages
•
You can use any HTTP or HTTPS URL.
•
The URL may specify a specific port number.
•
The URL may not have any arguments after the question mark.
•
The URL must contain a well-formed hostname.
For example, if you have the following URL entered in the Redirect to Custom URL field:
http://www.example.com/eun.policy.html
And you have the following access log entry:
Then AsyncOS creates the following redirected URL:
Off-Box End-User Notification Page Parameters
AsyncOS passes the parameters to the web server as standard URL Parameters in the HTTP GET request.
It uses the following format:
It uses the following format:
<notification_page_url>?param1=value1¶m2=value2
1182468145.492 1 172.17.0.8 TCP_DENIED/403 3146 GET http://www.espn.com/index.html
HTTP/1.1 - NONE/- - BLOCK_WEBCAT-DefaultGroup-DefaultGroup-NONE-NONE-DefaultRouting
<IW_sprt,-,-,-,-,-,-,-,-,-,-,-,-,-,-,IW_sprt,-> -
http://www.example.com/eun.policy.html?Time=21/Jun/
2007:23:22:25%20%2B0000&ID=0000000004&Client_IP=172.17.0.8&User=-
&Site=www.espn.com&URI=index.html&Status_Code=403&Decision_Tag=
BLOCK_WEBCAT-DefaultGroup-DefaultGroup-NONE-NONE-DefaultRouting
&URL_Cat=Sports%20and%20Recreation&WBRS=-&DVS_Verdict=-&
DVS_ThreatName=-&Reauth_URL=-