Configuring General Filtering Parameters
Setting the Maximum Length of Long HTTP URLs
Websense only
By default, the FWSM considers an HTTP URL to be a long URL if it is greater than 1159 characters.
If the URL exceeds the maximum size, then it is dropped by default. You can set the FWSM to truncate
or block a long URL when you configure HTTP filtering. (See the "Filtering HTTP URLs" section on
page 14-5.)
To increase the maximum length and to set the amount of memory used for long URLs, follow these
steps:
Step 1
To change the limit for long URLs from 1159 bytes (characters), enter the following command:
FWSM/contexta(config)# url-block url-size long-url-size
Enter 2, 3, or 4 to change the limit to 2, 3, or 4 KB.
Step 2
To set the maximum memory available for buffering long URLs, enter the following command:
FWSM/contexta(config)# url-block url-mempool memory-pool-size
Set the size from 2 to 10240 KB. The amount of memory dedicated to long URLs is limited to guard
against a DoS attack, for example. Typically, the amount of memory should be the number of sessions
you want to allow times the maximum length of the URL. For example, to allow 100 sessions for 3 KB
URLs, set the memory to 300 KB. However, we recommend setting the memory to the maximum,
10240 KB, because the FWSM has enough memory to handle the maximum number of sessions.
Caching URL Servers
After a user accesses a site, the filtering server can allow the FWSM to cache the server address for a
certain amount of time, as long as every site hosted at the address is in a category that is permitted at all
times. Then, when the user accesses the server again, or if another user accesses the server, the FWSM
does not need to consult the filtering server again.
Note
Requests for cached IP addresses are not passed to the filtering server and are not logged. As a result,
this activity does not appear in any reports.
To enable caching, enter the following command:
FWSM/contexta(config)# url-cache {dst | src_dst} kbytes
See the following options:
• dst—Caches the destination server address for any user that accesses the server.
• src_dst—Caches the source and destination server address, so access is only cached for a given user
at the source address.
• kbytes—The cache size between 1 and 128 KB.
Chapter 14
Filtering HTTP, HTTPS, or FTP Requests Using an External Server
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
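The following audit script is an added example, not part of the Cisco guide. It checks saved configuration text against the ranges, the sessions-times-URL-length sizing rule, and the logging caveat for url-cache described above. It assumes the saved configuration lists these commands in the same form in which they are entered; the function names, the expected_sessions parameter, and the sample configuration are constructed for illustration.

```python
import re

# Ranges stated on the page: url-size 2-4 KB, url-mempool 2-10240 KB, url-cache 1-128 KB.
LIMITS = {"url-size": (2, 4), "url-mempool": (2, 10240), "url-cache": (1, 128)}
LINE_RE = re.compile(
    r"^\s*(?:url-block\s+(url-size|url-mempool)\s+(\d+)"
    r"|(url-cache)\s+(dst|src_dst)\s+(\d+))\s*$"
)

def parse(config_text):
    """Extract the URL-filtering settings from configuration text."""
    found = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m.group(1):
            found[m.group(1)] = int(m.group(2))
        else:
            found["url-cache"], found["cache-mode"] = int(m.group(5)), m.group(4)
    return found

def audit(config_text, expected_sessions):
    """Return findings for the config, given the expected number of long-URL sessions."""
    cfg, findings = parse(config_text), []
    for key, (lo, hi) in LIMITS.items():
        if key in cfg and not lo <= cfg[key] <= hi:
            findings.append(f"{key} {cfg[key]} KB outside {lo}-{hi} KB")
    # Sizing rule from the page: sessions x maximum URL length, capped at 10240 KB.
    if "url-size" in cfg and "url-mempool" in cfg:
        needed = expected_sessions * cfg["url-size"]
        if cfg["url-mempool"] < min(needed, 10240):
            findings.append(f"url-mempool {cfg['url-mempool']} KB below {needed} KB "
                            f"needed for {expected_sessions} sessions")
    # Cached requests are not passed to the filtering server and are not logged.
    if "cache-mode" in cfg:
        findings.append(f"url-cache {cfg['cache-mode']} enabled: cached requests "
                        "are not logged and do not appear in reports")
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
url-block url-size 3
url-block url-mempool 100
url-cache dst 128
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, expected_sessions=100)))
```

For the constructed sample, the script reports the undersized memory pool (100 KB against the 300 KB needed for 100 sessions of 3 KB URLs) and the reporting gap introduced by url-cache.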