Applying Filtering Services
This chapter describes ways to filter web traffic to reduce security risks or prevent inappropriate use.
This chapter includes the following sections:
•
•
•
•
•
Filtering Overview
This section describes how filtering can provide greater control over traffic passing through the FWSM.
Filtering can be used in two ways:
•
•
Instead of blocking access altogether, you can remove specific undesirable objects from HTTP traffic,
such as ActiveX objects or Java applets, that may pose a security threat in certain situations.
You can also use URL filtering to direct specific traffic to an external filtering server, such an Secure
Computing SmartFilter (formerly N2H2) or Websense filtering server. Filtering servers can block traffic
to specific sites or types of sites, as specified by the security policy.
Because URL filtering is CPU-intensive, using an external filtering server ensures that the throughput of
other traffic is not affected. However, depending on the speed of your network and the capacity of your
URL filtering server, the time required for the initial connection may be noticeably slower when filtering
traffic with an external filtering server.
Filtering ActiveX Objects
This section describes how to apply filtering to remove ActiveX objects from HTTP traffic passing
through the firewall. This section includes the following topics:
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Filtering Overview, page 18-1
Filtering ActiveX Objects, page 18-1
Filtering Java Applets, page 18-3
Filtering URLs and FTP Requests with an External Server, page 18-4
Viewing Filtering Statistics and Configuration, page 18-9
Filtering ActiveX objects or Java applets
Filtering URLs with an external filtering server
ActiveX Filtering Overview, page 18-2
Enabling ActiveX Filtering, page 18-2
18
C H A P T E R
18-1