CHAPTER
14-1
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
14
Filtering HTTP, HTTPS, or FTP Requests Using an
External Server
This section tells how to enable HTTP, HTTPS, or FTP filtering for inside users, and contains the
following topics:
• Filtering Overview, page 14-1
• Configuring General Filtering Parameters, page 14-2
• Filtering HTTP URLs, page 14-5
• Filtering HTTPS URLs, page 14-6
• Filtering FTP Requests, page 14-6
• Viewing Filtering Statistics, page 14-6
Filtering Overview
Although you can use ACLs to prevent outbound access to specific websites or FTP servers, configuring
and managing web usage this way is not practical because of the size and dynamic nature of the Internet.
We recommend that you use the Firewall Services Module (FWSM) in conjunction with a separate server
running one of the following Internet filtering products:
• Websense Enterprise—http://www.websense.com. Supports HTTP, HTTPS, and FTP filtering.
• Sentian by N2H2—http://www.n2h2.com. Supports HTTP filtering. Although some versions of
Sentian support HTTPS, the FWSM only supports HTTP with Sentian.
Because URL filtering is handled on a separate platform, the performance of the FWSM is less affected.
However, filtering can considerably increase access times to websites or FTP servers when the filtering
server is remote from the FWSM.
When a user issues an HTTP, HTTPS, or FTP GET request, the FWSM sends the request to the web/FTP
server as well as to the filtering server at the same time. If the filtering server permits the connection for
the user, then the following action occurs for each request type:
• For HTTP, the FWSM allows the reply from the web server to reach the user who issued the original
request.
• For HTTPS, the FWSM allows the completion of SSL connection negotiation, and allows the reply
from the web server to reach the user who issued the original request.
• For FTP, the FWSM allows the successful FTP return code to reach the user unchanged. For
example, a successful return code is “250: CWD command successful.”
To Next Page
Loading...
Need help?
General