Filtering URLs
Most organizations today have human resources policies that specify indecent materials
cannot be brought into the workplace. Similarly, most organizations have network security
policies that prohibit users from visiting websites that are categorized as indecent or
inappropriate to the business mission of the organization.
Using other content-filtering vendor products, the Cisco Security Appliance enforces network
security policy as it relates to URL filtering. When a user issues an HTTP request to a website,
the Cisco Security Appliance sends the request to the web server and to the URL-filtering
server at the same time. If the policy on the URL-filtering server permits the connection, the
Cisco Security Appliance allows the reply from the website to reach the user who issued the
original request. If the policy on the URL-filtering server denies the connection, the Cisco
Security Appliance redirects the user to a block page, indicating that access was denied.
The PIX Firewall works in conjunction with two types of URL-filtering application servers:
■ Websense Enterprise—Supported by Cisco Security Appliance Version 5.3 and later
■ N2H2 Sentian—Supported by Cisco Security Appliance Version 6.2