Feature Request : provide a way to create access policies or identities with matching condition based on the HTTP header's "Referer" field
I have a use-case I would like to share with you. When a customer configures its WSA with highly restrictive internet access like in the example below, it may trigger some issues :
1- allow internet access only for URLs defined in whitelist.
2- block ALL other requests.
Let's take the following example :
1- the customer only allows requests to www.siteA.com. siteA.com is the only URL included in its whitelist.
2- www.siteA.com contains many embedded objects (such as facebook like tags, youtube videos, links to partners sites, ...)
In this configuration, the end user will be allowed to reach siteA but the page will not be fully displayed. All the embedded objects not directly located on siteA will be missing.
With WSA, the easiest way I can imagine to solve the issue is to list all the embedded objects present on siteA, get their URLs and add these URLs to the whitelist as well. But this solution is of course far from convenient, since it involves knowing exactly how each HTTP page you want to consult is built.
With other proxies, such as Bluecoat proxies or McAfee Web Gateway proxies for example, I used to solve this kind of issue by using the HTTP referer field (the URL you come from). For example with Bluecoat :
You will have to add any links within that allowed webpage to the whitelist along with any other links that you also want to show up on that allowed page. If you would like to add a feature request to be considered in future releases you will need to open a WSA support case.
WSA Cisco Forums Moderator
As far as I'm aware this functionality is still not available... would be an awesome feature to have, but could also be abused at the same time by a user writing their own "middleware" proxy and setting the referrer header to that allowed site. Could be done in like ~15 lines of Perl / Python.
Either way... would still be a cool feature to have.
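The policy discussed in this thread, as an added Python example that is not from the original posts or from any vendor's product: a request is allowed by the whitelist or, failing that, by a whitelisted Referer host, and Referer-based allows are counted per destination so they can be reviewed or moved into the explicit whitelist. The function names, the `WHITELIST` set and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

WHITELIST = {"www.sitea.com"}  # constructed, mirrors the thread's siteA example

def host_of(url):
    """Lowercase hostname of an absolute URL, or None if missing or unparseable."""
    if not url:
        return None
    try:
        return (urlsplit(url).hostname or "").lower() or None
    except ValueError:
        return None

def decide(url, referer=None, whitelist=WHITELIST):
    """Return (action, reason). Hosts are compared exactly, never by substring."""
    host = host_of(url)
    if host is None:
        return ("block", "unparseable-url")
    if host in whitelist:
        return ("allow", "whitelist")
    # Referer is supplied by the client, so this branch is weaker than the
    # whitelist branch and is tagged separately for logging and review.
    if host_of(referer) in whitelist:
        return ("allow", "referer")
    return ("block", "default")

def referer_only_hosts(requests, whitelist=WHITELIST):
    """Count destinations that were allowed solely because of the Referer."""
    counts = Counter()
    for url, referer in requests:
        if decide(url, referer, whitelist) == ("allow", "referer"):
            counts[host_of(url)] += 1
    return counts

# Constructed sample traffic: (requested URL, Referer header or None).
SAMPLE = [
    ("http://www.siteA.com/index.html", None),
    ("http://cdn.partner.example/widget.js", "http://www.siteA.com/index.html"),
    ("http://cdn.partner.example/style.css", "http://www.siteA.com/index.html"),
    ("http://video.example/embed/1", "http://www.siteA.com/index.html"),
    ("http://other.example/", "http://www.siteA.com.other.example/"),
    ("http://other.example/", None),
]

if __name__ == "__main__":
    for host, n in referer_only_hosts(SAMPLE).most_common():
        print(f"{n:3d}  {host}")
```

The per-destination counts show which third-party hosts the allowed page actually depends on, which is the list the moderator's reply asks to be added to the whitelist by hand.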