Chapter 20 Applying Filtering Services; Filtering Overview - Cisco PIX 500 Series Configuration Manual

Applying Filtering Services
This chapter describes ways to filter web traffic to reduce security risks or prevent inappropriate use.
This chapter includes the following sections:
•
•
•
•
•

Filtering Overview

This section describes how filtering can provide greater control over traffic passing through the security
appliance. Filtering can be used in two distinct ways:
•
•
Instead of blocking access altogether, you can remove specific undesirable objects from HTTP traffic,
such as ActiveX objects or Java applets, that may pose a security threat in certain situations.
You can also use URL filtering to direct specific traffic to an external filtering server, such an Secure
Computing SmartFilter (formerly N2H2) or Websense filtering server. Long URL, HTTPS, and FTP
filtering can now be enabled using both Websense and Secure Computing SmartFilter for URL filtering.
Filtering servers can block traffic to specific sites or types of sites, as specified by the security policy.
This release does not support the url-cache command for URL filtering.
Note
Because URL filtering is CPU-intensive, using an external filtering server ensures that the throughput
of other traffic is not affected. However, depending on the speed of your network and the capacity of
your URL filtering server, the time required for the initial connection may be noticeably slower when
filtering traffic with an external filtering server.
OL-12172-03
Filtering Overview, page 20-1
Filtering ActiveX Objects, page 20-2
Filtering Java Applets, page 20-3
Filtering URLs and FTP Requests with an External Server, page 20-4
Viewing Filtering Statistics and Configuration, page 20-9
Filtering ActiveX objects or Java applets
Filtering with an external filtering server
C H A P T E R
Cisco Security Appliance Command Line Configuration Guide
20
20-1