18-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 18 Managing Firewall Web Filter Rules
Configuring Web Filter Rules for IOS Devices
Understanding Networks/Hosts Objects, page 6-74
Step 1 Do one of the following to open the Web Filter Rules Page (IOS), page 18-11:
  • Device view—Select Firewall > Web Filter Rules from the Policy selector.
  • Policy view—Select Firewall > Web Filter Rules (IOS) from the Policy Type selector. Select an
    existing policy or create a new one.
Step 2 Configure the interfaces on which you will filter HTTP traffic. Create rules for each interface on which
you will enable filtering:
a. Select the Web Filter Rules tab if it is not already selected and do one of the following to open the
IOS Web Filter Rule and Applet Scanner Dialog Box, page 18-13:
  • To create a new rule, right-click inside the work area and select Add Row.
  • To edit an existing rule, right-click the rule and select Edit Row.
b. Identify the interface to which this rule applies. You can either enter the interface name or click
Select to select it or an interface role from the list. Also configure the following:
  • Traffic direction with respect to the interface—Typically, you want to select In so that undesired
    traffic is dropped before the device spends more time processing the packet.
  • Java applet scanning—If you enable web filtering on an interface, Java applets are inspected,
    which can affect performance. Typically, you want to enable Java applet scanning so that you
    can identify permitted and denied sources and avoid the scanning of denied applets. If you want
    to configure both permitted and denied sources for an interface, you must configure two rules
    for the interface.
c. Click OK to add the rule to the web filtering rules table.
Step 3 (Optional) Configure the list of exclusive domains, which define the local filtering list. This list is
applied before web requests are sent to the external web filtering server (defined on the Web Filter
Settings Page, page 18-16). If you know there are web sites that you will always permit (such as your
organization’s web site) or deny, configure them in the local list. Configure as many rules as needed to
define the complete list.
a. Click the Exclusive Domains tab and do one of the following to open the IOS Web Filter Exclusive
Domain Name Dialog Box, page 18-14:
  • To create a new rule, right-click inside the work area and select Add Row.
  • To edit an existing rule, right-click the rule and select Edit Row.
b. Select whether you are permitting or denying the specified domains, and enter the domain names or
host IP addresses. You can enter either full domain names (the names of specific web sites) or partial
names (for entire domains you want to treat the same way).
c. Click OK to add your exclusive domain rule to the policy.
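The local-list behavior described in Step 3, as an added example that is not part of the Cisco guide: a Python sketch for checking a planned exclusive-domain list against sample hostnames before you deploy it. It assumes a partial name is written with a leading dot and matches any host ending in it; the page does not say how a host that matches both a permit and a deny entry is resolved, so the sketch reports that case as a conflict. All names and sample values are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    action: str  # "permit" or "deny"
    name: str    # full name, host IP address, or partial name (assumed: leading dot)

    def __post_init__(self):
        if self.action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {self.action!r}")


def matches(entry: Entry, host: str) -> bool:
    host = host.lower().rstrip(".")
    name = entry.name.lower().rstrip(".")
    if name.startswith("."):
        # Assumption: a partial name covers every host ending in it.
        return host.endswith(name)
    return host == name  # full domain name or host IP address: exact match


def decide(entries, host):
    """Return 'permit', 'deny', 'conflict', or 'server' for one requested host."""
    actions = {e.action for e in entries if matches(e, host)}
    if len(actions) > 1:
        return "conflict"   # overlapping permit and deny entries: fix the list
    if actions:
        return actions.pop()
    return "server"         # no local match: request goes to the external server


def audit(entries, hosts):
    return {h: decide(entries, h) for h in hosts}


# Constructed sample list and hosts (documentation domains and addresses).
PLANNED = [
    Entry("permit", ".example.com"),
    Entry("deny", "ads.example.com"),
    Entry("deny", ".example.net"),
    Entry("permit", "192.0.2.10"),
]
SAMPLE_HOSTS = ["www.example.com", "ads.example.com", "cdn.example.net",
                "192.0.2.10", "www.example.org", "notexample.com"]

if __name__ == "__main__":
    for host, verdict in audit(PLANNED, SAMPLE_HOSTS).items():
        print(f"{host:20} {verdict}")
```

Hosts reported as "server" are the ones that depend on the external web filtering server being reachable; hosts reported as "conflict" point to entries to reconcile before clicking OK.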
Web Filter Rules Page (IOS)
Use the Web Filter Rules page for IOS devices to configure web, or URL, filtering rules. Web filtering
is a type of HTTP inspection. If your access rules allow HTTP traffic on an interface, you can configure
rules to apply local and server-based web filtering to prevent users from accessing undesirable web
servers.