Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 18 Managing Firewall Web Filter Rules
Configuring Web Filter Rules for ASA, PIX, and FWSM Devices
Table 18-2 Add and Edit PIX/ASA/FWSM Web Filter Rule Dialog Boxes (Continued)

Element: Sources, Destinations

Description: The source or destination of the traffic. You can enter more than one value by separating the items with commas.

You can enter any combination of the following address types to define the source or destination of the traffic. For more information, see Specifying IP Addresses During Policy Definition, page 6-81.

- Network/host object. Enter the name of the object or click Select to select it from a list. You can also create new network/host objects from the selection list.
- Host IP address, for example, 10.10.10.100.
- Network address, including subnet mask, in either the format 10.10.10.0/24 or 10.10.10.0/255.255.255.0.
- A range of IP addresses, for example, 10.10.10.100-10.10.10.200.
- An IP address pattern in the format 10.10.0.10/255.255.0.255, where the mask is a discontiguous bit mask (see Contiguous and Discontiguous Network Masks for IPv4 Addresses, page 6-75).

Element: Services

Description: The services that define the port number of the traffic to act on. You can enter more than one value by separating the items with commas.

The service must use TCP. Your specification defines the port that you want filtered (the service name has no meaning). For example, if you want to filter port 80, use the HTTP service object. If HTTP traffic on your network uses a different port, specify TCP/port number (for example, TCP/8080). You can enter TCP by itself to filter all ports.

You can enter any combination of service objects and service types (which are typically a protocol and port combination). If you type in a service, you are prompted as you type with valid values. You can select a value from the list and press Enter or Tab.

For complete information on how to specify services, see Understanding and Specifying Services and Service and Port List Objects, page 6-86.

Element: Allow traffic if URL Filter Server unavailable (URL, FTP, HTTPS only)

Description: Whether to permit unfiltered traffic on outbound connections if all of the URL filtering servers are unavailable. If you do not select this option, all affected outbound traffic (HTTP, FTP, or HTTPS) is blocked until at least one filtering server becomes available.

Element: Block connection to HTTP Proxy Server (URL only)

Description: Whether to prevent users from connecting to an HTTP proxy server.

Element: Truncate CGI request by removing CGI parameters (URL only)

Description: When a URL has a parameter list starting with a question mark (?), such as a CGI script, whether to truncate the URL sent to the filtering server by removing all characters after and including the question mark.

Element: Block outbound requests if absolute FTP path is not provided (FTP only)

Description: Whether to prevent interactive FTP sessions that do not provide the entire directory path when the user tries to change directories.
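
The address formats accepted in the Sources and Destinations fields can be checked offline when reviewing which hosts a rule covers, in particular discontiguous-mask patterns, which match non-adjacent addresses. The following Python example is added here and is not code from the Cisco guide or from Security Manager; the function names are hypothetical, it handles IPv4 only, and it assumes that any item not starting with a digit is a network/host object name, which it leaves unresolved.

```python
import ipaddress

def _ip(text):
    """Dotted-quad IPv4 string -> 32-bit integer (ValueError if malformed)."""
    return int(ipaddress.IPv4Address(text.strip()))

def parse_entry(entry):
    """Return (kind, matcher) for one item of a Sources/Destinations value."""
    e = entry.strip()
    if not e:
        raise ValueError("empty entry")
    if not e[0].isdigit():
        # Assumption: anything not starting with a digit is a network/host
        # object name, which only Security Manager itself can resolve.
        return "object", None
    if "-" in e:                                    # 10.10.10.100-10.10.10.200
        lo, hi = (_ip(part) for part in e.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start above end: {e}")
        return "range", lambda a: lo <= a <= hi
    if "/" in e:
        addr, m = e.split("/", 1)
        base = _ip(addr)
        if "." in m:                                # dotted mask
            mask = _ip(m)
        else:                                       # prefix length
            if not 0 <= int(m) <= 32:
                raise ValueError(f"bad prefix length: {e}")
            mask = (0xFFFFFFFF << (32 - int(m))) & 0xFFFFFFFF
        wild = ~mask & 0xFFFFFFFF
        # A contiguous mask inverts to 0...01...1, so wild & (wild + 1) is 0.
        kind = "network" if (wild & (wild + 1)) == 0 else "pattern"
        return kind, lambda a: (a & mask) == (base & mask)
    base = _ip(e)
    return "host", lambda a: a == base

def classify(value):
    """Kind of every comma-separated item, in order."""
    return [(e.strip(), parse_entry(e)[0]) for e in value.split(",")]

def covering_entries(value, address):
    """Items of `value` that match `address`; object names are skipped."""
    a = _ip(address)
    parsed = [(e.strip(), parse_entry(e)[1]) for e in value.split(",")]
    return [e for e, match in parsed if match is not None and match(a)]

# Constructed sample value using the formats shown in the table.
SAMPLE = ("inside-net, 10.10.10.100, 10.10.10.0/24, 10.20.0.0/255.255.0.0, "
          "10.30.10.100-10.30.10.200, 10.10.0.10/255.255.0.255")
```

With the sample value, `covering_entries(SAMPLE, "10.10.77.10")` returns only the discontiguous pattern, because the mask 255.255.0.255 ignores the third octet.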