Filtering Urls And Ftp Requests With An External Server; Url Filtering Overview; Identifying The Filtering Server - Cisco PIX 500 Series Configuration Manual

Filtering URLs and FTP Requests with an External Server

Filtering URLs and FTP Requests with an External Server
This section describes how to filter URLs and FTP requests with an external server. This section includes
the following topics:
•
•
•
•
•
•
•

URL Filtering Overview

You can apply filtering to connection requests originating from a more secure network to a less secure
network. Although you can use ACLs to prevent outbound access to specific content servers, managing
usage this way is difficult because of the size and dynamic nature of the Internet. You can simplify
configuration and improve security appliance performance by using a separate server running one of the
following Internet filtering products:
•
•
This release does not support the url-cache command for URL filtering.
Note
Although security appliance performance is less affected when using an external server, users may notice
longer access times to websites or FTP servers when the filtering server is remote from the security
appliance.
When filtering is enabled and a request for content is directed through the security appliance, the request
is sent to the content server and to the filtering server at the same time. If the filtering server allows the
connection, the security appliance forwards the response from the content server to the originating client.
If the filtering server denies the connection, the security appliance drops the response and sends a
message or return code indicating that the connection was not successful.
If user authentication is enabled on the security appliance, then the security appliance also sends the user
name to the filtering server. The filtering server can use user-specific filtering settings or provide
enhanced reporting regarding usage.

Identifying the Filtering Server

You can identify up to four filtering servers per context. The security appliance uses the servers in order
until a server responds. You can only configure a single type of server (Websense or Secure Computing
SmartFilter ) in your configuration.
Cisco Security Appliance Command Line Configuration Guide
20-4
URL Filtering Overview, page 20-4
Identifying the Filtering Server, page 20-4
Buffering the Content Server Response, page 20-6
Caching Server Addresses, page 20-6
Filtering HTTP URLs, page 20-7
Filtering HTTPS URLs, page 20-8
Filtering FTP Requests, page 20-9
Websense Enterprise for filtering HTTP, HTTPS, and FTP.
Secure Computing SmartFilter (formerly N2H2) for filtering HTTP, HTTPS, FTP, and long URL
filtering.
Chapter 20 Applying Filtering Services
OL-12172-03