Configuring additional url filtering settings, Buffering the content server response – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 39 Configuring Filtering Services

Filtering URLs and FTP Requests with an External Server

Configuring Additional URL Filtering Settings

After you have accessed a website, the filtering server can allow the ASA to cache the server address for
a certain period of time, as long as each website hosted at the address is in a category that is permitted
at all times. When you access the server again, or if another user accesses the server, the ASA does not
need to consult the filtering server again to obtain the server address.

Note

Requests for cached IP addresses are not passed to the filtering server and are not logged.
As a result, this activity does not appear in any reports.

This section describes how to configure additional URL filtering settings and includes the following
topics:

Buffering the Content Server Response

Caching Server Addresses

Filtering HTTP URLs

Filtering HTTPS URLs

Filtering FTP Requests

Buffering the Content Server Response

When you issue a request to connect to a content server, the ASA sends the request to the content server
and to the filtering server at the same time. If the filtering server does not respond before the content
server, the server response is dropped. This behavior delays the web server response for the web client,
because the web client must reissue the request.

By enabling the HTTP response buffer, replies from web content servers are buffered, and the responses
are forwarded to the requesting client if the filtering server allows the connection. This behavior prevents
the delay that might otherwise occur.

To configure buffering for responses to HTTP or FTP requests, enter the following commands:

Step 1

Command:

url-block block block-buffer-limit

Example:

hostname# url-block block 3000

Purpose:

Enables buffering of responses for HTTP or FTP requests that are
pending a response from the filtering server.

Replace block-buffer-limit with the maximum number of HTTP
responses that can be buffered while awaiting responses from the
URL server.

Note

Buffering of URLs longer than 3072 bytes is not
supported.

Step 2

Command:

url-block mempool-size memory-pool-size

Example:

hostname# url-block mempool-size 5000

Purpose:

Configures the maximum memory available for buffering pending
URLs (and for buffering long URLs).

Replace memory-pool-size with a value from 2 to 10240 for a
maximum memory allocation of 2 KB to 10 MB.
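
An added example, not part of the Cisco guide: a Python check that audits saved configuration text against the two url-block steps above, using the command syntax as written on this page, and lists URLs over the 3072-byte buffering limit. The sample configuration, hostname, URLs and function names are constructed for illustration.

```python
import re

# Values taken from the steps above; command syntax is as written on this page.
MEMPOOL_MIN_KB, MEMPOOL_MAX_KB = 2, 10240  # Step 2: 2 KB to 10 MB
MAX_BUFFERED_URL_BYTES = 3072              # Step 1 note

# Constructed sample configuration text (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-example
url-block block 128
url-block mempool-size 20000
"""

def audit_url_block(config_text):
    """Return findings for the url-block settings found in config_text."""
    block = mempool = None
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"url-block block (\d+)", line):
            block = int(m.group(1))
        elif m := re.fullmatch(r"url-block mempool-size (\d+)", line):
            mempool = int(m.group(1))
        elif line.startswith("url-block"):
            findings.append(f"url-block line not covered by this check: {line}")
    if block is None:
        findings.append("response buffering not enabled: a content server reply "
                        "that arrives before the filtering verdict is dropped")
    if mempool is None:
        findings.append("mempool-size not set")
    elif not MEMPOOL_MIN_KB <= mempool <= MEMPOOL_MAX_KB:
        findings.append(f"mempool-size {mempool} is outside "
                        f"{MEMPOOL_MIN_KB}-{MEMPOOL_MAX_KB}")
    return findings

def unbuffered_urls(urls):
    """Return the URLs longer than 3072 bytes, which cannot be buffered."""
    return [u for u in urls if len(u.encode("utf-8")) > MAX_BUFFERED_URL_BYTES]

if __name__ == "__main__":
    for finding in audit_url_block(SAMPLE_CONFIG):
        print(finding)
    long_url = "http://example.test/?q=" + "a" * 3100  # constructed
    print(len(unbuffered_urls([long_url, "http://example.test/"])), "URL(s) over limit")
```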