You have configured a Cisco ESA with a URL Category action that redirects the URLs of adult content sites to
the Cisco Cloud Web Security proxy service. You receive a report that users are successfully accessing some
adult content sites from the company network. However, you are able to verify that known adult sites are being
redirected.
Which of the following could be the problem? (Select the best answer.)
A.
You did not specify any text to replace the URL.
B.
You did not defang the URL so that it cannot be clicked.
C.
The connection to the Cisco Cloud Web Security proxy service timed out.
D.
The adult content sites being visited are uncategorized.
Explanation:
The problem could be that the adult content sites being visited are uncategorized if users are able to access
some adult sites while other known adult sites are being redirected. The Cisco Email Security Appliance (ESA)
supports Uniform Resource Locator (URL) filtering, which can be used to test the reputation of URL links in
email messages or to compare the content of the URL to a list of categories of sites that violate company
policy. By using URL filtering with URL categorization, it is possible to limit user access to a given site without
relying on a blacklist of the site’s possible IP addresses.
There are three options for action when a link in an email message matches a given URL category or its
reputation score falls within a specified range:
– Defang the URL – renders the URL unclickable, although the user can still copy and paste the URL
– Redirect the URL to the Cisco Cloud Web Security proxy service – redirects the URL to a proxy, which blocks
the site if it is malicious and displays a message to the user
– Replace the URL with specific text or the URL to thirdparty proxy service – replaces the link in the original
email message with specific warning text provided by the administrator or with a link that redirects to a
thirdparty proxy service
You can also choose to apply any of those actions to sites that are not yet categorized in the URL database.
In this scenario, sites that fit into the adult URL category should be redirected to the Cisco Cloud Web Security
proxy service. However, there is nothing in the scenario to indicate that sites that are uncategorized have been
configured to redirect to the Cisco Cloud Web Security proxy service. Therefore, users will be connected to the
links as they appear in the original email message.
The connection to the Cisco Cloud Web Security proxy service is not timing out in this scenario, because
connections to some sites in the URL category are being redirected. If a connection to the Cisco Cloud Web
Security proxy service times out, URL filtering will automatically allow the user to connect to the target site by
using the link in the original email message. Therefore, known adult sites in this scenario would be accessible
to users if the connection to the Cisco Cloud Web Security proxy service was timing out. You do not need to
defang the URL. In this scenario, you have chosen to redirect adult site content to the Cisco Cloud Web
Security proxy. In addition, you do not need to specify text to replace the URL.Reference:
Cisco: Cisco AsyncOS 8.5.6 for Email User Guide: Redirected URLs: What Does the End User Experience?
(PDF)