Help for Kaspersky Web Traffic Security
Using traffic processing rules
You can manage user access to web resources by using traffic processing rules.

- Traffic processing rule: Set of actions that the application performs for a web resource that satisfies the specified conditions.
- Bypass rule: Set of traffic filtering criteria that determine whether users are allowed or denied access to web resources without checking access rules and protection rules.
- Access rule: List of user restrictions and permissions to access specified web resources and the direction of traffic.
- Protection rule: List of scans for
- Virus: A program that infects other programs by adding its code to them in order to gain control when infected files are started. This simple definition allows the main action performed by a virus infection to be identified.
- Phishing: A type of Internet fraud aimed at obtaining unauthorized access to users' confidential data.
Kaspersky Web Traffic Security begins processing traffic by checking bypass rules. If access to the web resource is allowed, the application proceeds to scan the traffic by applying access rules. Based on the results of access rule processing, the application either blocks the web resource or proceeds to scan the traffic by applying protection rules. The algorithm for traffic processing rules is displayed in the figure below.
Algorithm for traffic processing rules
Kaspersky Web Traffic Security applies rules in the order of their position in the rules table, from top to bottom. If the conditions defined in a rule are not met, the application proceeds to the next rule. As soon as conditions specified in a rule are satisfied, processing parameters specified in that rule are applied to the traffic, and further condition matching is stopped.
If a workspace is available, the priority of workspace rules is determined by the position of the Workspace rules row in the general rules table. In this case, rules are also applied in the order of their position in the table, from top to bottom. Workspace rules will be applied after traffic is scanned according to the rules that are positioned higher in the table. If none of the workspace rules are triggered, the application proceeds to scan traffic according to the rules positioned under the Workspace rules row in the table.
A default bypass rule is created when the application is installed. According to this rule, access to web resources whose value of the Content-Length HTTP header exceeds 10240 KB is allowed for all users without scans by the Anti-Virus and Anti-Phishing modules. This value ensures a balance between application performance and network traffic security. You can edit, disable, or delete the default bypass rule.
If no rule contains conditions suitable for a specific web resource, traffic is processed according to the default protection policy. In this case, the application allows access to the web resource if it has not been blocked as a result of scans by the Anti-Virus and Anti-Phishing modules. A default protection policy is created during installation of Kaspersky Web Traffic Security and is displayed in the Settings section, Protection settings subsection. In the default protection policy settings, you can select the actions that the application will take on various types of objects.
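The evaluation order described above can be modeled as follows. This is an added example, not Kaspersky's code: the `Rule` class, the request dictionary, the "block games" rule, the hosts and the three verdict names are hypothetical, and the model assumes that a bypass rule match decides the request before access rules are checked, as the bypass rule definition states.

```python
from dataclasses import dataclass
from typing import Callable

DEFAULT_BYPASS_LIMIT = 10240 * 1024  # 10240 KB, the default bypass rule threshold, in bytes

@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]  # rule conditions over a request dict
    action: str                      # "allow" or "block" (simplified action set)
    enabled: bool = True

def first_match(rules, req):
    """Walk the table top to bottom; stop at the first enabled rule that matches."""
    return next((r for r in rules if r.enabled and r.matches(req)), None)

def evaluate(req, bypass, access, protection):
    """Return (verdict, deciding rule); verdict is 'allow-unscanned', 'block' or 'scan'."""
    hit = first_match(bypass, req)
    if hit:  # bypass rules decide without access or protection rules being checked
        return ("block" if hit.action == "block" else "allow-unscanned"), hit.name
    hit = first_match(access, req)
    if hit and hit.action == "block":
        return "block", hit.name
    hit = first_match(protection, req)
    # 'scan' means the Anti-Virus/Anti-Phishing result decides the final outcome.
    return "scan", (hit.name if hit else "default protection policy")

# Assumption: a response with no Content-Length header does not match the size condition.
default_bypass = Rule("default bypass rule",
                      lambda r: (r.get("content_length") or 0) > DEFAULT_BYPASS_LIMIT, "allow")
# Constructed sample rule and requests (hypothetical category and hosts).
block_games = Rule("block games", lambda r: r["category"] == "games", "block")

def demo():
    big = {"host": "files.example", "category": "games", "content_length": 20 * 1024 * 1024}
    small = dict(big, content_length=4096)
    chunked = {"host": "files.example", "category": "software", "content_length": None}
    results = [evaluate(r, [default_bypass], [block_games], []) for r in (big, small, chunked)]
    default_bypass.enabled = False  # same large request with the default rule disabled
    results.append(evaluate(big, [default_bypass], [block_games], []))
    default_bypass.enabled = True
    return results

if __name__ == "__main__":
    for verdict, rule in demo():
        print(f"{verdict:16} <- {rule}")
```

In this model the 20 MB response is allowed unscanned by the default bypass rule even though an access rule would block its category, which is the effect to weigh when deciding whether to keep, edit or disable that rule.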