User's Manual

User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 18 Managing Firewall Web Filter Rules
Besides filtering requests based on URL, you can also filter applets, stripping out ActiveX or Java
applets. You might want to do this to prevent applet downloads from sites that you otherwise want to
allow but do not fully trust. You can configure your rules to block these applets from specific sites
while allowing them from trusted sites.
The policies and procedures for configuring web filter rules differ based on the device type. See the
following topics for more information:
Configuring Web Filter Rules for ASA, PIX, and FWSM Devices, page 18-2
Configuring Web Filter Rules for IOS Devices, page 18-10
Configuring Web Filter Rules for ASA, PIX, and FWSM Devices
Web filter rules policies for ASA, PIX, and FWSM devices define how you want to handle HTTP, FTP,
and HTTPS traffic. You can also filter ActiveX and Java applets. Web filter rules permit or deny traffic
based on the Universal Resource Locator (URL) address in the web request. If you allow HTTP traffic
in your access rules, you can subsequently deny (or drop) traffic if it is directed at an objectionable web
or FTP site, or you can strip out ActiveX or Java applets from untrusted sources.
To configure web filtering rules for ASA, PIX, and FWSM devices:
1. Configure the rules that identify traffic that should be subject to filtering, and the traffic that should
be exempt from filtering rules (see below for the procedure).
2. Configure web filter settings to identify the URL filtering server and other settings. For more
information, see Configuring Settings for Web Filter Servers, page 18-15.
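The two steps above can be checked against a device configuration. The following is an added example, not part of the Cisco guide: it assumes the deployed policy appears on the device as ASA `filter` and `url-server` CLI commands, and the sample configuration and its addresses are constructed for illustration.

```python
import re

# Constructed sample of ASA running-config lines (documentation address ranges).
SAMPLE_CONFIG = """\
url-server (inside) vendor websense host 192.0.2.10 timeout 30 protocol TCP version 4
filter url except 10.1.1.5 255.255.255.255 0.0.0.0 0.0.0.0
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
filter java 80 10.1.0.0 255.255.0.0 0.0.0.0 0.0.0.0
filter activex except 10.1.1.0 255.255.255.0 198.51.100.0 255.255.255.0
filter activex 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
"""

# filter <kind> <port | except> <local_ip> <local_mask> <foreign_ip> <foreign_mask> [options]
RULE = re.compile(
    r"^filter\s+(url|https|ftp|java|activex)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
NEEDS_SERVER = {"url", "https", "ftp"}  # applet stripping is done on the device itself
ANY = {"0", "0.0.0.0"}                  # the CLI accepts 0 as shorthand for 0.0.0.0


def parse_rules(config):
    """Return one dict per filter line, marking it as a filter or an exemption."""
    rules = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        kind, port, src, smask, dst, dmask = m.groups()
        rules.append({
            "kind": kind,
            "action": "exempt" if port == "except" else "filter",
            "src": f"{src}/{smask}",
            "dst": f"{dst}/{dmask}",
            "any_to_any": {src, smask, dst, dmask} <= ANY,
        })
    return rules


def audit(config):
    """Flag filter rules with no filtering server and exemptions that match everything."""
    rules = parse_rules(config)
    findings = []
    has_server = any(l.strip().startswith("url-server ") for l in config.splitlines())
    filtered = {r["kind"] for r in rules if r["action"] == "filter"}
    if filtered & NEEDS_SERVER and not has_server:
        findings.append("URL/HTTPS/FTP filter rules present but no url-server is configured")
    for r in rules:
        if r["action"] == "exempt" and r["any_to_any"]:
            findings.append(f"{r['kind']} exemption matches all traffic, so nothing is filtered")
    return findings
```

Run `audit()` on the text of a saved running configuration; an empty list means every server-dependent filter rule has a filtering server and no exemption covers all traffic.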
Related Topics
Understanding Web Filter Rules, page 18-1
Using Sections to Organize Rules Tables, page 12-20
Adding and Removing Rules, page 12-9
Editing Rules, page 12-9
Enabling and Disabling Rules, page 12-20
Moving Rules and the Importance of Rule Order, page 12-19
Understanding Networks/Hosts Objects, page 6-74
Understanding and Specifying Services and Service and Port List Objects, page 6-86
Step 1 Do one of the following to open the Web Filter Rules Page (ASA/PIX/FWSM), page 18-3:
Device view—Select Firewall > Web Filter Rules from the Policy selector.
Policy view—Select Firewall > Web Filter Rules (PIX/FWSM/ASA) from the Policy Type selector.
Select an existing policy or create a new one.
Step 2 Select the row after which you want to create the rule and click the Add Row button or right-click and
select Add Row. This opens the Add and Edit PIX/ASA/FWSM Web Filter Rule Dialog Boxes,
page 18-5.