Caching Server Addresses - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Filtering URLs and FTP Requests with an External Server
Note
To configure the maximum memory available for buffering pending URLs (and for buffering long
Step 2
URLs), enter the following command:
hostname(config)# url-block mempool-size memory-pool-size
Replace memory-pool-size with a value from 2 to 10240 for a maximum memory allocation of 2 KB to
10 MB.
Caching Server Addresses
After a user accesses a site, the filtering server can allow the security appliance to cache the server
address for a certain amount of time, as long as every site hosted at the address is in a category that is
permitted at all times. Then, when the user accesses the server again, or if another user accesses the
server, the security appliance does not need to consult the filtering server again.
Requests for cached IP addresses are not passed to the filtering server and are not logged. As a result,
Note
this activity does not appear in any reports. You can accumulate Websense run logs before using the
url-cache command.
Use the url-cache command if needed to improve throughput, as follows:
hostname(config)# url-cache dst | src_dst size
Replace size with a value for the cache size within the range 1 to 128 (KB).
Use the dst keyword to cache entries based on the URL destination address. Select this mode if all users
share the same URL filtering policy on the Websense server.
Use the src_dst keyword to cache entries based on both the source address initiating the URL request as
well as the URL destination address. Select this mode if users do not share the same URL filtering policy
on the Websense server.
Filtering HTTP URLs
This section describes how to configure HTTP filtering with an external filtering server. This section
includes the following topics:
•
•
•
•
Configuring HTTP Filtering
You must identify and enable the URL filtering server before enabling HTTP filtering.
Cisco Security Appliance Command Line Configuration Guide
20-6
Buffering URLs longer than 3072 bytes are not supported.
Configuring HTTP Filtering, page 20-6
Enabling Filtering of Long HTTP URLs, page 20-7
Truncating Long HTTP URLs, page 20-7
Exempting Traffic from Filtering, page 20-7
Chapter 20
Applying Filtering Services
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
