18-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 18 Managing Firewall Web Filter Rules
Configuring Web Filter Rules for IOS Devices
IOS Web Filter Exclusive Domain Name Dialog Box
Use the IOS Web Filter Exclusive Domain Name dialog box to configure local web filtering rules for
IOS devices. You can create a list of permitted or denied domain names or IP addresses. The device
checks this list before forwarding web requests to your web filtering server.
Local filtering avoids the wait for a response from the server when a user requests a
web site that you know you will either always permit or always deny.
Navigation Path
To open this dialog box, select the Exclusive Domains tab on the Web Filter Rules Page (IOS),
page 18-11, then click Add Row to create a new rule, or select a row and click Edit Row to edit an
existing rule.
Related Topics
Configuring Web Filter Rules for IOS Devices, page 18-10
Understanding Web Filter Rules, page 18-1
Chapter 18, “Managing Firewall Web Filter Rules”
Table 18-6 IOS Web Filter Rule and Applet Scanner Dialog Box (Continued)
Element / Description

Java Applet Scanning

Enable Java Applet Scanner
    If you select Enable Java Applet Scanning, the device checks for the
    presence of Java applets in HTTP traffic coming from web servers to
    internal hosts. If a Java applet is present and the web server (applet
    source) is in the list of permitted sources, the Java applet is left
    unmodified in the HTTP traffic. Otherwise, the Java applets are
    removed from HTTP pages.

    Tip: When you enable web filtering, Java applets are inspected,
    which can affect performance. By enabling the Java applet
    scanner, you can identify a list of permitted or denied sources
    and avoid inspection for those applets. Even if you do not want
    to deny any sources, enable scanning and permit the any
    source.

Permit Traffic
Applet Sources
    The list of permitted or denied source addresses for Java applets. To
    configure a list of permitted or denied sources:
    - Select either Permit from Specified Sources or Deny from
      Specified Sources. If you want to create both a permit and deny
      list, create two separate web filter rules. If you do not configure a
      permit list, all sources are denied.
    - Enter the list of permitted or denied addresses in the Applet
      Sources field. The list can include host IP addresses, network
      addresses, address ranges, or network/host objects, but cannot
      include domain names. Separate multiple addresses with commas.
      For more information on entering addresses, see Specifying IP
      Addresses During Policy Definition, page 6-81.
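
The Applet Sources rules described in the table above, as an added example that is not part of the Cisco guide: a Python sketch that validates a comma-separated source list (rejecting domain names) and reports whether applets from a given web server would be kept or removed under a permit list. The start-end range syntax, the address/prefix network syntax, and the sample addresses are assumptions; network/host object names are not resolved and must be expanded to addresses first.

```python
import ipaddress

ANY = (ipaddress.IPv4Address("0.0.0.0"), ipaddress.IPv4Address("255.255.255.255"))

def parse_applet_sources(field):
    """Turn a comma-separated Applet Sources value into (low, high) IPv4 pairs.

    Raises ValueError for any entry that is not an IPv4 host, network or
    range; that includes domain names, which the field does not accept.
    """
    ranges = []
    for item in (part.strip() for part in field.split(",")):
        if not item:
            continue
        try:
            if item.lower() == "any":
                low, high = ANY
            elif "-" in item:  # assumed range syntax: start-end
                low, high = (ipaddress.IPv4Address(p.strip()) for p in item.split("-", 1))
                if low > high:
                    raise ValueError("range start is above range end")
            elif "/" in item:  # assumed network syntax: address/prefix or address/mask
                net = ipaddress.IPv4Network(item, strict=True)
                low, high = net.network_address, net.broadcast_address
            else:
                low = high = ipaddress.IPv4Address(item)
        except ValueError:
            raise ValueError(f"not an IPv4 host, network or range: {item!r}") from None
        ranges.append((low, high))
    return ranges

def applet_action(server_ip, permit_field):
    """'keep' if the web server is in the permit list, otherwise 'remove'.

    An empty permit list therefore removes applets from every source.
    """
    addr = ipaddress.IPv4Address(server_ip)
    permitted = parse_applet_sources(permit_field)
    return "keep" if any(low <= addr <= high for low, high in permitted) else "remove"

# Constructed sample list (documentation address blocks), not from the guide.
SAMPLE_PERMIT = "192.0.2.10, 198.51.100.0/24, 203.0.113.5-203.0.113.20"

if __name__ == "__main__":
    for server in ("192.0.2.10", "198.51.100.77", "203.0.113.21"):
        print(server, applet_action(server, SAMPLE_PERMIT))
```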