User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Web Security Appliance S170

301

302

303

304

305

306

307

308

309

310

CONFIGURING URL FILTERS FOR DATA SECURITY POLICY GROUPS

CHAPTER 13: URL FILTERS 279

3. In the Custom URL Category Filtering section, choose an action for each custom URL

category. Table 13-3 describes each action.

4. In the Predefined URL Category Filtering section, choose one of the following actions for

each category:

• Use Global Settings

Table 13-3 URL Category Filtering for IronPort Data Security Policies

Action Description

Include

(Exclude)

Choose whether or not the URL filtering engine should compare the

client request against the custom URL category. The URL filtering engine

compares client requests against included custom URL categories, and

ignores excluded custom URL categories.

The URL filtering engine compares the URL in a client request to

included custom URL categories before predefined URL categories.

However, by default, custom URL categories are excluded from

evaluation. You can override this behavior by clicking the Include link for

a custom URL category.

Once you click the Include link, it changes to an Exclude link to allow

you to exclude the category in the policy again.

When a custom URL category is excluded in the global IronPort Data

Security Policy, then the default action for included custom URL

categories in user defined IronPort Data Security Policies is Monitor

instead of Use Global Settings. You cannot choose Use Global Settings

when a custom URL category is excluded in the global IronPort Data

Security Policy.

Note: You must include a custom URL category before you can choose

an action, such as block, to assign to it.

Use Global Setting Uses the action for this category in the Global Policy Group. This is the

default action for user defined policy groups.

Applies to user defined policy groups only.

Allow Always allows upload requests for web sites in this category. Applies to

custom URL categories only.

Allowed requests bypass all further data security scanning and the

request is evaluated against Access Policies.

Only use this setting for trusted web sites. You might want to use this

setting for internal sites.

Monitor The Web Proxy neither allows nor blocks the request. Instead, it

continues to evaluate the upload request against other policy group

control settings, such as web reputation filtering.

Block The Web Proxy denies transactions that match this setting.