Filtering HTTP URLs; Configuring HTTP Filtering; Enabling Filtering of Long HTTP URLs; Truncating Long HTTP URLs - Cisco PIX 500 Series Configuration Manual


Chapter 20
Applying Filtering Services
Use the src_dst keyword to cache entries based on both the source address initiating the URL request
as well as the URL destination address. Select this mode if users do not share the same URL filtering
policy on the Websense server.

Filtering HTTP URLs

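This section describes how to configure HTTP filtering with an external filtering server. It includes
the following topics:

Configuring HTTP Filtering
Enabling Filtering of Long HTTP URLs
Truncating Long HTTP URLs
Exempting Traffic from Filtering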

Configuring HTTP Filtering

You must identify and enable the URL filtering server before enabling HTTP filtering.

When the filtering server approves an HTTP connection request, the security appliance allows the reply
from the web server to reach the originating client. If the filtering server denies the request, the security
appliance redirects the user to a block page indicating that access was denied.

To enable HTTP filtering, enter the following command:

hostname(config)# filter url [http | port[-port] local_ip local_mask foreign_ip foreign_mask] [allow] [proxy-block]

Replace port with one or more port numbers if a port other than the default HTTP port (80) is
used. Replace local_ip and local_mask with the IP address and subnet mask of a user or subnetwork
making requests. Replace foreign_ip and foreign_mask with the IP address and subnet mask of a server
or subnetwork responding to requests.

The allow option causes the security appliance to forward HTTP traffic without filtering when the
primary filtering server is unavailable. Use the proxy-block option to drop all requests to proxy
servers.

Enabling Filtering of Long HTTP URLs

By default, the security appliance considers an HTTP URL to be a long URL if it is longer than 1159
characters. You can increase the maximum length allowed.

Configure the maximum size of a single URL with the following command:

hostname(config)# url-block url-size long-url-size

Replace long-url-size with the maximum size in KB for each long URL being buffered. For Websense,
this is a value from 2 to 4, for a maximum URL size of 2 KB to 4 KB; for Secure Computing, this is a
value from 2 to 3, for a maximum URL size of 2 KB to 3 KB. The default value is 2.
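
The following is an added example, not part of the Cisco guide: a small configuration audit that reads saved filter url and url-block url-size lines and reports the settings described in the two sections above (allow forwarding unfiltered traffic when the filtering server is unavailable, a missing proxy-block, and a url-size outside the vendor's range). The function name, the vendor keys and the sample configuration are assumptions made for illustration.

```python
import re

# Permitted url-block url-size values (KB) per filtering vendor, as stated above.
URL_SIZE_RANGE = {"websense": (2, 4), "secure-computing": (2, 3)}

FILTER_RE = re.compile(
    r"^filter url\s+(?P<ports>http|\d+(?:-\d+)?)\s+"
    r"(?P<local_ip>\S+)\s+(?P<local_mask>\S+)\s+"
    r"(?P<foreign_ip>\S+)\s+(?P<foreign_mask>\S+)(?P<opts>(?:\s+\S+)*)\s*$"
)
SIZE_RE = re.compile(r"^url-block url-size\s+(\d+)\s*$")


def audit_http_filtering(config_text, vendor):
    """Return a list of (line_no, finding) for the HTTP filtering commands."""
    lo, hi = URL_SIZE_RANGE[vendor]
    findings, saw_filter = [], False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = FILTER_RE.match(line)
        if m:
            saw_filter = True
            opts = m.group("opts").split()
            if "allow" in opts:
                findings.append((no, "allow: HTTP passes unfiltered if the filtering server is unavailable"))
            if "proxy-block" not in opts:
                findings.append((no, "no proxy-block: requests to proxy servers are not dropped"))
            continue
        m = SIZE_RE.match(line)
        if m and not lo <= int(m.group(1)) <= hi:
            findings.append((no, f"url-size {m.group(1)} KB outside {lo}-{hi} KB for {vendor}"))
    if not saw_filter:
        findings.append((0, "no 'filter url' command: HTTP filtering is not enabled"))
    return findings


# Constructed sample configuration (addresses are documentation ranges).
SAMPLE = """\
filter url http 192.0.2.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
filter url 8080-8081 198.51.100.0 255.255.255.0 0.0.0.0 0.0.0.0 proxy-block
url-block url-size 4
"""

if __name__ == "__main__":
    for no, finding in audit_http_filtering(SAMPLE, "secure-computing"):
        print(f"line {no}: {finding}")
```

Whether allow is acceptable depends on whether availability or policy enforcement takes priority when the filtering server is down; the audit only makes that choice visible.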

Truncating Long HTTP URLs

By default, if a URL exceeds the maximum permitted size, then it is dropped. To avoid this, you can set
the security appliance to truncate a long URL by entering the following command:

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03


This manual is also suitable for:

ASA 5500 Series
