Filtering HTTP URLs; Configuring HTTP Filtering; Enabling Filtering of Long HTTP URLs; Truncating Long HTTP URLs - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 18
Applying Filtering Services
Use the src_dst keyword to cache entries based on both the source address initiating the URL request as
well as the URL destination address. Select this mode if users do not share the same URL filtering policy
on the Websense server.

Filtering HTTP URLs

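This section describes how to configure HTTP filtering with an external filtering server. This section
includes the following topics:
Configuring HTTP Filtering
Enabling Filtering of Long HTTP URLs
Truncating Long HTTP URLs
Exempting Traffic from Filtering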

Configuring HTTP Filtering

You must identify and enable the URL filtering server before enabling HTTP filtering.
When the filtering server approves an HTTP connection request, the FWSM allows the reply from the
web server to reach the originating client. If the filtering server denies the request, the FWSM redirects
the user to a block page, indicating that access was denied.
To enable HTTP filtering, enter the following command:
hostname(config)# filter url {http | port[-port] | except} local_ip local_mask foreign_ip foreign_mask [allow][cgi-truncate][longurl-deny][longurl-truncate][proxy-block]
Replace port with one or more port numbers if a different port than the default port for HTTP (80) is
used. Replace local_ip and local_mask with the IP address and subnet mask of a user or subnetwork
making requests. Replace foreign_ip and foreign_mask with the IP address and subnet mask of a server
or subnetwork responding to requests.
To create an exception to a previous filter condition, specify the keyword except.
Note: The filter exception rule works only when you use the default port.
The allow option causes the FWSM to forward HTTP traffic without filtering when the primary filtering
server is unavailable. Use the proxy-block option to drop all requests to proxy servers.

Enabling Filtering of Long HTTP URLs

By default, the FWSM considers an HTTP URL to be a long URL if it is greater than 1159 characters.
For Websense servers, you can increase the maximum length allowed.
(Websense only) Configure the maximum size of a single URL with the following command:
hostname(config)# url-block url-size long_url_size
Replace long_url_size with a value from 2 to 4 for a maximum URL size of 2 KB to 4 KB. The default
value is 2.
(Websense only) You can also configure the maximum size of the URL buffer memory pool with the
following command:
hostname(config)# url-block url-mempool memory_pool_size
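
A small audit of the commands in this section, added here as an example (it is not part of the Cisco guide). It parses filter url and url-block url-size lines and reports the allow option (traffic passes unfiltered when the filtering server is down), a missing proxy-block, an out-of-range URL size, and, as one reading of the Note above, filters on non-default ports that except rules will not cover. The function name and the sample configuration are constructed.

```python
import re

# Options from the guide's filter url syntax line.
OPTIONS = {"allow", "cgi-truncate", "longurl-deny", "longurl-truncate", "proxy-block"}

def audit_filter_config(text):
    """Return sorted (line_no, message) findings for filter url / url-block lines."""
    findings, except_lines, custom_ports = [], [], []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if tok[:2] == ["filter", "url"]:
            if len(tok) < 7:  # target + local ip/mask + foreign ip/mask
                findings.append((no, "incomplete filter url command"))
                continue
            target, opts = tok[2], set(tok[7:])
            for opt in sorted(opts - OPTIONS):
                findings.append((no, f"unknown option {opt}"))
            if target == "except":
                except_lines.append(no)  # choice made here: no option checks on exemptions
                continue
            if target != "http":
                if not re.fullmatch(r"\d+(-\d+)?", target):
                    findings.append((no, f"bad port field {target}"))
                    continue
                if target != "80":
                    custom_ports.append((no, target))
            if "allow" in opts:
                findings.append((no, "allow: HTTP passes unfiltered if the primary filtering server is unavailable"))
            if "proxy-block" not in opts:
                findings.append((no, "no proxy-block: requests to proxy servers are not dropped"))
        elif tok[:2] == ["url-block", "url-size"]:
            if len(tok) != 3 or tok[2] not in ("2", "3", "4"):
                findings.append((no, "url-size must be 2, 3 or 4 (KB)"))
    # Assumption: the Note means except rules do not take effect for non-default ports.
    if except_lines:
        for no, port in custom_ports:
            findings.append((no, f"port {port}: except rules on lines {except_lines} do not apply"))
    return sorted(findings)

# Constructed sample configuration, not taken from the guide.
SAMPLE = """\
filter url http 10.1.0.0 255.255.0.0 0.0.0.0 0.0.0.0 allow
filter url 8080 10.1.0.0 255.255.0.0 0.0.0.0 0.0.0.0 longurl-truncate proxy-block
filter url except 10.1.5.0 255.255.255.0 0.0.0.0 0.0.0.0
url-block url-size 6
"""

if __name__ == "__main__":
    for no, msg in audit_filter_config(SAMPLE):
        print(f"line {no}: {msg}")
```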
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Filtering URLs and FTP Requests with an External Server
This manual is also suitable for: 7609-s, 7613, 7606-s, Catalyst 6500 series, 7600 series
