User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 18
Managing Firewall Web Filter Rules
Web filter rules policies allow or prevent web traffic based on the requested
URL or the applet content of the traffic. For ASA, PIX, and FWSM devices, you can also filter FTP and
HTTPS traffic.
How you configure web filter rules depends on whether the device runs ASA, PIX, or
FWSM software or Cisco IOS Software.
The following topics help you work with web filter rules:
Understanding Web Filter Rules
Configuring Web Filter Rules for ASA, PIX, and FWSM Devices
Configuring Web Filter Rules for IOS Devices
Configuring Settings for Web Filter Servers

Understanding Web Filter Rules

Web, or URL, filtering allows you to control which web sites and web content your users can access.
For example, you might consider some types of content to create a hostile work environment for the
people in your organization (such as web sites that provide pornography). You might consider some
web sites to be unsafe and a potential source of viral applications. Using web filter rules, you can block
access to these objectionable or unsafe sites.
To filter web requests, you should install an external web filtering server, either Websense or SmartFilter
(N2H2). For ASA, PIX, and FWSM devices, these external servers are required for URL, FTP, or HTTPS
filtering. For IOS devices, you can also use these servers, but additionally you can create local lists of
whitelisted (always allowed) or blacklisted (always denied) URLs. You configure the filtering servers in
the web filter settings policy; see Configuring Settings for Web Filter Servers, page 18-15.
Tip: For IOS devices, you have the option of configuring web filtering using zone-based firewall rules instead
of web filter rules, which allows you the additional option of using Trend Micro web filtering servers.
For more information, see Chapter 21, “Managing Zone-based Firewall Rules”.
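For orientation, the following added example (not taken from this guide, and not output generated by Security Manager) sketches the device-level commands that correspond to the external filtering server and the IOS local allow/deny lists described above. The server address, domain names, inspection rule name, and interface names are constructed placeholders; the configuration Security Manager actually deploys depends on your policies and may differ.

```cisco
! ---- Cisco IOS device (constructed example values) ----
! External filtering server (Websense); 192.0.2.10 is a documentation address
ip urlfilter server vendor websense 192.0.2.10
!
! Local lists: requests to these domains are decided on the router
! without a lookup on the filtering server
ip urlfilter exclusive-domain permit www.example.com
ip urlfilter exclusive-domain deny .example.net
!
! Fail closed: block HTTP requests when the filtering server is unreachable
ip urlfilter allow-mode off
!
! URL filtering is applied through an inspection rule bound to an interface
! (WEBFILTER and GigabitEthernet0/0 are hypothetical names)
ip inspect name WEBFILTER http urlfilter
interface GigabitEthernet0/0
 ip inspect WEBFILTER in
!
! ---- ASA / PIX / FWSM device (constructed example values) ----
! These platforms have no local lists; an external server is required
url-server (inside) vendor websense host 192.0.2.10
!
! Filter HTTP, HTTPS, and FTP requests from any source to any destination.
! Omitting the "allow" keyword blocks requests when the server is unavailable.
filter url http 0 0 0 0
filter https 443 0 0 0 0
filter ftp 21 0 0 0 0
```

When you review a deployed device, compare the fail-open settings (`allow-mode on` on IOS, the `allow` keyword on ASA, PIX, and FWSM) against your policy, because they determine whether users can browse unfiltered while the filtering server is down.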