Content filtering IOS / user / HTTPS
Hello!
We are looking for a small client to IOS content filtering and I hope someone can answer a few questions about this quickly.
(1) can you make content by user, strategies... so different filtering for different users by username? I see that you can do by addy/range of IP, it seems
(2) can make HTTPS inspection? It wasn't able to earlier, just to check to see if something has changed!
Thank you!
Ben
(1) No, IOS content with trend filtering cannot do by user content filtering.
(2) it cannot inspect HTTPS too.
If you want to have both the above, you can go with cloud of ScanSafe, URL filtering and Malware/Spyware Windows. It is supported as well by the user content filtering as well as HTTPS inspection.
Here is the guide of IOS on Web Filtering of ScanSafe for your reference:
http://www.Cisco.com/en/us/docs/iOS-XML/iOS/sec_data_zbf/configuration/15-2mt/ScanSafe-Web-sec.html
http://www.Cisco.com/en/us/docs/security/web_security/ISR_SS/ISR_ScanSafe_SolutionGuide.PDF
Hope that answers your questions.
Tags: Cisco Security
Similar Questions
-
Hi all
Cisco ios content filtering there a cache and a user interface to connect the websites visited and the ip addresses that visit these sites?
Yes, there is action, you can configure under the plan setting.
You can also view using the below command
IOSrouter# sh policy-map type inspect zone-pair urlfilter cache detail
policy exists on zp zp
Zone-pair: zp
Service-policy inspect : trend-global-policy
Class-map: www (match-all)
Match: protocol http
Inspect
Maximum number of bytes in cache: 262144
Time to live for each cache entry (in hrs): 24
Total number of bytes used by cache: 453
Number of bytes used by domain type cache: 353
Number of bytes used by directory type cache: 100
---------------------------------------------------------------------------------------------
URL Age Idle time/ Cat::Rep
(Directory cache end with /) (day:h:m:s) access #
-----------------------------------------------------------------------------------------------
yahoo.com 0:16:47:30 2 56::1
ad.doubleclick.net 0:00:00:10 1 72::1
static.eharmony.com/static../ 0:00:00:06 0:00:00:04 12::1
Unfortunately, you can not see who has accessed to their.
I hope it helps.
PK
-
expiry of ios content filtering
Hello
now that the IOS using Trend Micro content filtering is EOL and replaced by ScanSafe, can someone tell if ScanSafe is a subscription based and what are the new SKUS of ScanSafe references
Thank you
Yes, Scansafe is on subscription and license of user base.
in regard to SKU, you might want to contact your representative local Cisco.
-
Issue of certificate IOS content filtering
Hello
Regarding the configuration of the Cisco IOS content filtering, the certificate that must be downloaded from this page (applicationshttp://cisco.com/en/US/products/ps5854/products_configuration_example09186a0080816c23.shtml the router IP address... What happens if it's not a static public ip address and a dynamic?
Ill be grateful with any input on this...
Thank you and best regards,
The cert install page auto request ip address in order to go to the router and the provision by installing cert on this.
If the router must have http enabled from this page will give you the ip address and the tool will ask you the credentials of the router and connect and install the necessary certificate.
If the ip address is dynamic bit is important because you will need to install the cert only once.
I hope it helps.
PK
-
Doesn´t 'filter' https content filtering
I RV082 is running the latest firmware if I try to activate web filerfing under "Content filtering" by web address or keyword ony he works for HTTP sites. Lets say, I try to block www.facebook.com I get ""this URL or the Page has been blocked " "
If I type https://www.facebook.com facebook without problem. It looks that the HTTP protocol is checked and blocked.
Also if I try to 'Planning' and apply rule from 08:00 to 13:00 it allows me to access it. Am I missing something?
Hi Mario, HTTPS can not really be blocked unless the router is able to perform a reverse DNS lookup. If you want to block https flavors of a Web site you need a service that can perform the DNS inverted like OpenDNS.
-Tom
Please mark replied messages useful -
Issue with 890 series SRI URL content filtering
Hello, I'm wondering if anyone can confirm whether or not the URL content filtering subscription available for these routerts has the abiliuty to selectively apply only to users you want. Or rather, to computers, perhaps by MAC address. We seek to implement a configuration of whitelist of URLS, but only for the publick workstations.
Thank you.
It's been a while but I think that content filtering is done through the MQC (style class-map/policy-map). You could just create a class map for guests you care and then put them through the policy of inspecting it.
-
iCloud, sharing photos for Non - iOS users
So, I use iCloud for about two years now, and it does for the most part, what I want and need to. However, whenever my family and I go camping during the weekend, take a vacation or just to Barbecue a Sunday afternoon, we have a ton of photos on a large number of devices. For the wife and children, this isn't a problem since we have all of the iPhones and use iCloud. But, it seems that we are facing a problem whenever someone on an Android phone has a few pictures they want help or like to download some pictures that we have added.
Y at - it an easy way for non - iOS users view and/or edit albums shared iCloud without going through a several-step process (transfer of office, download third party app, etc..)? It is my understanding that an Android user should be able to display/change via a web browser, but don't seems to work. I looked at other cloud services and apps, and major issues, in that I continue to run are:
1: having to pay another Cloud Computing service, when I already pay for iCloud is not economic.
2: I find a lot of the photo-sharing applications and services give a lot of storage, but at a cost to the quality of the photos. My wife and her friends are always doing something creative with your impressions so even some 'high quality' compression can degrade enough make it unusable.
3: I have a hard time to ask someone to download an application, not to mention of asking them to pay for one. Nor am I comfortable someone jump through hoops, just so that I can watch through a batch of photos in the hope of finding one or two which are useful.
So, is there an easy way to do it, or I'm stuck or wait for Apple to understand a feature like this would be useful or leave iCloud for a solution amicably more cross-platform? I do not understand that Apple needs to focus on the development and support of applications and services for its ecosystem and customer, but would it not make sense to make it convenient for outside users to have a great experience too?
I don't know what problems you encountered but the sharing Web site works fine for me.
-
I have a Samsung Galaxy SII with T-Mobile. Model SGH-T989, version 2.3.6 Android #is
"Content filtering" is the Android Market to limit some applications that can be accessed in "mature" content. You can disable content filtering in the settings of the application market on your phone.
-Michelle
-
Can I move the contents of "C:\Users\myname\AppData\Local" to another drive in my computer? I have a 64 GB SSD and these files decrease the size of my disk. I know that I can delete them manually. I move the 'temp' and 'tmp' on another disk. Can I move the other too?
C:\>set
ALLUSERSPROFILE = C:\programdata
AppData=C:\Users\Mr.Daza\AppData\Roaming
CommonProgramFiles = c: files
COMPUTERNAME = MRDAZA1
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON = FALSE
FP_NO_HOST_CHECK = NO
HOMEDRIVE = C:
HOMEPATH=\Users\Mr.Daza
LocalAppData=C:\Users\Mr.Daza\AppData\Local
LOGONSERVER = \\MRDAZA1
NUMBER_OF_PROCESSORS = 4
OS = Windows_NT
Path = c: Files\Microsoft Shared live; C:\Windows\syst
em32; C:\Windows; C:\Windows\System32\Wbem; C:\Windows\System32\WindowsPowerShell\v
1.0\; C:\Program Files\Windows Live\Shared
PATHEXT = .COM; EXE;. BEATS;. CMD;. VBS;. VBE;. JS;. JSE;. WSF;. WSH;. MSC
PROCESSOR_ARCHITECTURE = x 86
PROCESSOR_IDENTIFIER = x 86 family 16 model 2 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL = 16
PROCESSOR_REVISION = 0203
ProgramData = ProgramData
ProgramFiles = c: Program Files
PROMPT = $P$ G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC = C:\Users\Public
SESSION = Console
SystemDrive = C:
SystemRoot = C:\Windows
TEMP = E:\TEMPOR~1\Perfil\Temp
TMP = E:\TEMPOR~1\Perfil\TMP
TP_ApisHookObjectsRoot_PID3548 = 65FD78
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.Corp.Microsoft.com\4F18C3A5-CA09-4DBD-
B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN = MrDaza1
USERNAME = Mr.Daza
UserProfile=C:\Users\Mr.Daza
windir = C:\WindowsHi Mr.Daza,
It is not possible to move the content. This can cause applications to malfunction. However the next time you install a program, you can choose where you want to install it.
-
Customize the Web content filtering block Page
Does anyone how and where I can customize the block page on a SonicWall NSA 240 of web content filtering? Also, I can't using the details I thought I configured, what do you advise for this problem also?
Kind regards
RocknRollTim
You can customize the block page CFS in respect of Security Services > Content Filter > scroll down to bottom & customize it under 'block the Web page to display when '.
-
images of the SSL vpn-html-content filtering
Hello
I'm trying to do content filtering via ssl VPN (clientless) on ASA 5505
Above command is supposed to block anything with the html img tag, but it seems not to do.
# sh run Group Policy
Group without internal customer-grp-policy policy
attributes without customer-grp-policy-group policy
value of server DNS 8.8.8.8
VPN-tunnel-Protocol webvpn
Split-tunnel-policy tunnelall
WebVPN
bookmark URL-list value
filtering the content-HTML-java images cookies
SVC request to enable default webvpn
#sh run tunnel-group
Remote clientless-tunnel tunnel-group type
attributes global-tunnel-group clientless-tunnel
without client group policy - by default-grp-policy
tunnel-group clientless-tunnel webvpn-attributes
Group-alias clientless-alias enable
What I'm missing here? or am I just misunderstood how it works?
Thank you!
Hello
How it works for you?
Thank you.
Portu.
-
We have implemented the WCC 11.1.1.8 (with last MLR) and WCC ADF - UI (with last MLR). It is asymmetric in front with OSH (we use 12.1.3 for her) and a load balancer. Load Balancing ends HTTPS.
Now the WCC ADF - UI works fine if connecting directly with HTTP to through the OHS, but fails to display the content of docx and pptx documents (it displays 'Content encoding error' in the document display panel) to go with HTTPS through the load balancer.
Links to download and links to both PDF and HTML of the working paper (so the BOVINE infectious rhinotraecheitis and dynamic converter do their job Amora), it's just presentation in the user interface that does not work.
Does anyone know the solution fo this?
The SSL is terminated to the load balancer.
We have solved the problem already. At the level of the managed server weblogic plugin active flag was not set. Although this flag is set on the domain level, it seems necessary to put it on the server managed by level as well to the content of the iframe (usually the defaulting of the page).
In just this indicator time and restarting the managed server, it works. @
-
Website content filtering / Virus detection device
Hi all
I'm in the market for a content / url / device for our network of virus scanning. We currently use the Web MXLogic defence service, and while it is very cheap it is not suited to our needs. What I want is a device that will do filtering of content, but also viruses / malware / spyware scan on web traffic. I would also need to be able to setup policies / groups different set of users. For example the people who buy the products we sell must be able to see our content of multimedia (streaming) video sellers so that our sales people don't. I can't currently do with MXLogic, it's all or nothing.
Our firewall is an ASA5510 and I looked at the module Content Security SSM-10 with the greater license and while the price is really attractive I have a few questions about it. It integrates with MS Active Directory? In other words, and it filters based on policies and groups or more IP / ACL based? Also does perform well?
I have looked also sell IronPort product cisco and have similar questions about it especially which people experience with it, it's something that you would recommend?
Hi Allen,.
To answer your questions related to the CSC module:
1. No, the CSC module does not fit with Active Directory. It's something that Trend Micro has in the works, but right now, there is no ETA for this feature.
2. the module CSC happen enough well if used in the environment it was designed for. I recommend watching CSC sizing guide to see if the CSC-SSM-10 would be something that is scalable enough for your network:
I can't speak to the performance/features of IronPort like I the have not used personally, but I've heard good things. Also, external devices of Websense seem to be a popular choice when you need a product that is a little more scalable or granular than can provide the CSC module.
Hope that helps.
-Mike
-
Firefox not to honor the "Offline Web content and data user" settings
Firefox still accept web content offline and the user data, I have never any notification regardless of the 'tell me when a website asks to store data for use in offline mode' parameter (in preferences > advanced > network).
I also completely erased all: permissions tab regardless of the "all sites > offline storage" storage offline implementation is always allowed.
Here is one - step by step to reproduce my problem.
1. make sure all: permissions is clear
2 make sure that the list to: Preferences > network > "the following Web sites are..." "is that clear
3. close the preferences window
4 go to go to http://appcachefacts.info/demo/ ... No notification about the offline cache will appear.
5. open the preferences, the list of preferences > network > "the following Web sites are..." »
Will fill up now with http://appcachefacts.info (1.1 MB)This article list persists even after closing the browser window and re - open.
This happens with a total disregard for the settings described in the first paragraph.I found a related question, but it's old and archived:
https://support.Mozilla.org/he/questions/981189Firefox will store small amounts (less than 50 MB) of data without asking permission.
- offline - apps.allow_by_default; true
- offline - apps.quota.warn; 51200
You can switch the pref in offline mode - apps.allow_by_default to false to make Firefox ask.
-
DataBind method call returns null in the WebCenter content filtering
Hello
I got code that has a problem and I am new to the WebCenter content and filters that can be added. We have a FileNameFilter class that begins with the code
/ public class CWEFileNameFilter implements FilterImplementor {}
public CWEFileNameFilter() {}
Super();
}
public int doFilter (workspace workspace, DataBinder dataBinder,
ExecutionContext executionContext) throw {DataException
Service string = dataBinder.getLocal ("IdcService");
....
}
}
However, service is sometimes return null and then filter throws a NPE.
My questions are:
(1) can we explain what dataBinder.getLocal ("IdcService"); is done and why it might come back as null
(2) anyone can provide links to documentation that explains the filters and a little more on the object DataBinder as the JavaDoc is not much help.
Thank you
MarcHi Marc,
Below the code will give the name of the service for which the filter is implemented LocalData
Service string = dataBinder.getLocal ("IdcService");
for example below
http://localhost:16200/cs/idcplg? IdcService = DOC_INFO_BY_NAME & dDocName = 1111111 & IsJava
This example displays the entire response including localdata data and results that are created in the execution of the service. Here is the code snippet
LocalData @Properties
DocUrl =https://localhost:16200/cs/weblayout/groups/secure/documents/test/mhdk/mjg1/1111111.pdf
IdcService = DOC_INFO_BY_NAME
If String = dataBinder.getLocal ("IdcService") service; Service = "DOC_INFO_BY_NAME."
Under blog will give an idea about the filter but the best place to learn or start is "The Definitive Guide to Stellent Content Server Development" by Brian Huff
http://www.redstonecontentsolutions.com/technical-blog/UCM-service-handlers-and-javafilters
Also, I recommend reading ' WebCenter Content Services Reference Guide '
http://docs.Oracle.com/CD/E23943_01/doc.1111/e11011/TOC.htm
Kind regards
Amol Germain.
Maybe you are looking for
-
No mails a file with header showing the number of unread emails!
My Mozilla Thunderbird works very well for several of my Gmail, Hotmail and Yahoo email accounts. However, for one of my Yahoo accounts, I have several records that show the number of unread in this folder but no mail mails that can be downloaded or
-
Just bought a SanDisk Cruzer 32 GB USB drive and I cannot make it work all the... I Plug and it appears normal, try copying something for him and he gives everything just delayed write messages failed because it is copying. Either he stops on the cop
-
Xperia XA in Zoom camera problem
Recently, I'm fast covering an event at our place by using my device to send it quickly to the telegram. I take expanded shots but apparently when it is saved, she saves the entire image, not the picture zoomed in. When you record a video, zoom works
-
I got sms API related in bbndk
In the reference Document I've seen as associated SMS APIs such as SmsTransport etc... with the bb directory structure:im::message:msTransport. In the dirctory real sdk installed these sms API does not exist I will know what is the reason for this.
-
Where can I find instructions step by step the procedure copy config tftp saved from a production to a hot spare 515 515E? Thank you.