When the application engine blocks a transaction, Cloud Web Security sends a block page to the end user. However, not all websites display the block page. For example, some Web 2.0 websites display dynamic content using JavaScript instead of a static web page and are not likely to display the block page. Users are still properly blocked from downloading malicious data, but they may not always be informed of this by the website.

Applications are controlled by selecting a class, such as social networking, a platform within that category, such as Facebook, a specific application, such as chat, a group of applications, such as games, or an action. The most common actions that you can control are:

• Download files
• Install software
• Like (social networking)
• Post
• Search
• Send email (web email)
• Tag (social networking)
• Upload files

The names of these actions may vary depending on the application provider.

Note	New classes, platforms, applications, and actions are periodically added to the application control engine by Cisco based on analysis of Cloud Web Security user traffic.

Classes, platforms, and applications can be thought of as nodes on a tree. When Cisco adds a new child node to the tree, it will automatically be included in any existing filters where the parent node is selected. For example, if a filter included the Social Networking > Facebook node, and a new application was added as a child of the Facebook node, it would automatically be selected in the filter.

Select the check boxes of the required categories. You can click Select All to select all the check boxes or Deselect all to clear all the check boxes. You can click Set to Default to copy the categories from the default filter or Copy HTTP selection to copy the categories from the HTTP settings for the filter. The available categories are the same as for HTTP.

Note	This option is available only if you select the Enable HTTP/HTTPS Split check box in the Separate HTTPS Restrictions section of the Web Filtering > Management > Global Settings page.

Enter the domains or URLs to be included in the filter. Each domain or URL should appear on its own line. You can use hostnames and subdomains, but you must omit the protocol (http://). You can click Sort Alphabetically to sort the list.

Enter the IP ranges to be included in the Networks/IPs box. These must be entered in the form of an IP address and a net mask, for example 192.0.2.0/24.

You can click Make Default to copy the settings from the default filter.

Note	There is a limit of 1,000 entries per Domain filter, and a total limit of 10,000 entries.

Select the check boxes of the applications, audio, video, and image files that you want to block. You can select the Select All check box to select all the check boxes for a category or clear it to clear all the check boxes. You can click Select All to select all the check boxes or Deselect all to clear them. You can click Set to Default to copy the settings from the default filter.

In the box, enter any additional MIME types to block, for example text/html. Each MIME type must be entered on its own line. You can click Sort Alphabetically to sort the list.

Select the check boxes of the inbound file types to block. You can click Select All to select all the check boxes or Clear All to clear them. You can click Make Default to copy the settings from the default filter.

Enter any additional file extensions (up to eight characters) in the box, for example 7z. Each file extension should be entered on its own line. You can click Sort Alphabetically to sort the list.

Select the check boxes for the application types, applications, and activities to include in the filter. Controls can be applied to various activities, including:

• Like
• Post
• Upload
• Download
• Tag
• Install
• Search
• Send Email

Selecting a node selects all child nodes in the tree. However, the opposite is not true. Selecting all activities is not the same as selecting the application. Selecting all applications is not the same as selecting the application type.

You can Show Selected to expand all selected nodes or Collapse All to collapse all nodes.

You can begin typing in the Filter box to filter the visible categories.

Caution

The Select All selects everything, even categories that have been hidden from display using the Filter box.

Enter the domains or URLs to be excluded from the filter. Each domain or URL should appear on its own line. You can use hostnames and subdomains but you must omit the protocol (http://). You can click Sort Alphabetically to sort the list.

Enter the IP ranges to be included in the Networks/IPs box. These must be entered in the form of an IP address and a net mask, for example 192.0.2.0/24.

Select the required check boxes for the web browsers you want to include in the filter. You can select the All Versions check box to add every version, including future versions, of a given browser.

Enter any other user agents you want to include in the Custom User Agents box. Each user agent must be entered on a separate line. The following characters can be included:

• !<text>—does not equal <text>

• ^<text>—starts with <text>

• *—zero or more characters

• <text>$—string ends with <text>

Note	Full regex syntax is not supported. Only the symbols listed above are used.

You can click Set to Default to copy the settings from the default filter.