By using proxy server, you route all http traffic through a http proxy server. I too did the same way, as you did. I feel, both are right.
With regards Kings CCNA,CCSP,CCNP,CCIP,CCIE 35914 (Security) On Sun, Sep 9, 2012 at 8:04 PM, Ben Shaw <[email protected]> wrote: > Hi All > > I am doing a lab which asks to complete the following: > > - Configure ASA1 for HTTP URL filtering for all users on the inside using > a WebSense server located at 10.0.0.100. > - In the case that the filtering server is down all HTTP requests should > be allowed. > - Ensure that users accessing websites via external proxies on port 8080 > are blocked by this policy. > > My answer was > > url-server (outside) vendor websense host 10.0.0.100 > filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block > filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block > > It seems I don't understand the usage of the proxy block command as the > solution gave the answer as > > url-server (outside) vendor websense host 10.0.0.100 > filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow > filter url 8080 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 proxy-block > > I was under the impression that using the proxy block option as I did > would allow normal HTTP connections for the traffic from any source > networks to any destination be checked against the external filtering > server but block this same traffic if it is using a proxy. It seems from > the solution however that the proxy block option is used by itself to > identify a source and destination network and a port (8080 in this case) to > apply a blanket deny on all matching traffic. > > It would seem easier t me to just allow HTTP traffic in an ACL and deny > all other traffic (inc 8080) in this case though I understand this is not > how the question is wanting it to be done. > > Considering I can't really test this too easily as I don't have a websense > server can anyone confirm, deny or clarify my observations? > > Thanks > Ben > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
