Cisco Community
English
Register
Change to content subject titles: starting July 28 there is a limit on the number of characters to use - LEARN MORE HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

3879
Views
0
Helpful
6
Replies
deernetwork
Beginner
Beginner
‎09-16-2010 07:44 AM
‎09-16-2010 07:44 AM

SA520 Content Filtering

We have a SA520 and want to enable the content filtering

However we found that the user can bypass the URL filter easily if the site provides https service

For example, we want to block facebook, and we have enter facebook in the block list

If the user browse using http://www.facebook.com, it blocks

However when the user using https://www.facebook.com, it works!

Is there any solution to close this backdoor?

Labels:
0 Helpful
6 REPLIES 6
nmanglik
Cisco Employee
Cisco Employee
‎09-24-2010 04:53 PM
‎09-24-2010 04:53 PM

Hi,

Currently SA500 only supports content filtering only on port 80.

Thanks,

Nitin.

0 Helpful
joshua
Beginner
Beginner
In response to nmanglik
‎03-05-2012 09:48 AM
‎03-05-2012 09:48 AM

Is it true SA520 only supports content filtering on port 80?  Has this been fixed?

0 Helpful
Eckhard Eilers
Beginner
Beginner
In response to joshua
‎03-05-2012 10:16 AM
‎03-05-2012 10:16 AM

sorry, maybe I am misunderstanding this issue, but on my 520 https content is also filtered.

firewall -> content filtering -> http port: 80, 443; web components: all ticked.

firewall -> content filtering -> blocked urls: www.facebook.com: website, facebook: URL Keyword

what am I doing wrong ... ? ;-)

kind regards

eckhard

0 Helpful
jasbryan
Frequent Contributor
Frequent Contributor
In response to Eckhard Eilers
‎03-06-2012 08:02 AM
‎03-06-2012 08:02 AM

Eckhard,

When the other engineer said the SA500 only filters content on port 80 we can only filter normal unencrypted web traffic. Since https is encrypted the router can't read the content at which the end user is accessing. Since the router can't read this content because it is encrypted then we can't filter any content that uses https or 443 traffic. That being said some people filter at the DNS query as i do. Instead of trying to block at content we can block the DNS query. OpenDns is a good way to accomplish blocking at DNS level.

Just an example if i blocking content for facebook.com

then if i use http://facebook.comthen i should get blocked

if i use https://facebook.com then since the traffic is being encrypted by the end user the router can't read any encrypted content therefore allowing the connection....

hope this explains further.

Jasbryan

0 Helpful
joshua
Beginner
Beginner
In response to jasbryan
‎03-06-2012 09:09 AM
‎03-06-2012 09:09 AM

Perfect!

0 Helpful
finalconnect
Participant
Participant
In response to jasbryan
‎05-10-2012 10:21 AM
‎05-10-2012 10:21 AM

That does not make any sense. The url is not encrypted so url filtering should be able to block access to the URL. Real content filtering solutions such as sonicwall, websense etc seem to be able to block https site access. I'm positive this is just a Cisco SA520 short coming in that it only blocks port 80 url access.

0 Helpful
Latest Contents
#CiscoChat Live - SMB Challenge: thriving locally while maki...
Created by greghami on 06-23-2021 12:23 PM
0
0
0
0
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work. &nbs... view more
#CiscoChat Live - SMB Challenge: thriving locally while maki...
Created by greghami on 06-23-2021 12:20 PM
3
0
3
0
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work. We'l... view more
#CiscoChat Live: Giving Back & Bouncing Back: The Effect of ...
Created by Kelli Glass on 04-28-2021 07:44 AM
0
0
0
0
Join us live on Thursday, April 29 at 10 am PT as we discuss how the pandemic affected non profits and find out what their secret weapon was to weathering the past year. Our guests will share how giving back during this challenging time actually enabled t... view more
#CiscoChat Live: Giving Back & Bouncing Back: The Effect of ...
Created by Kelli Glass on 04-28-2021 07:42 AM
0
0
0
0
Join us live on Thursday, April 29 at 10 am PT as we discuss how the pandemic affected non profits and find out what their secret weapon was to weathering the past year. Our guests will share how giving back during this challenging time actually enabled ... view more
Cybersecurity strategies for Small Business
Created by Kelli Glass on 04-14-2021 11:46 AM
0
0
0
0
Discover the cybersecurity strategies that small and midsize business (SMB) leaders are using to thrive in today's ever-evolving threat landscape. The Cisco Cybersecurity Report Series is a collection of thought leadership studies. This spin-off from our... view more
Related Content
Discussions
Blogs
Documents
Events
Videos
Project Gallery