Filtering URLs and FTP Requests with an External Server
Buffering the Content Server Response
When a user issues a request to connect to a content server, the FWSM sends the request to the content
server and to the filtering server at the same time. If the filtering server does not respond before the
content server, the server response is dropped. This delays the web server response from the point of
view of the web client because the client must reissue the request.
By enabling the HTTP response buffer, replies from web content servers are buffered and the responses
are forwarded to the requesting client if the filtering server allows the connection. This prevents the
delay that might otherwise occur.
To configure buffering for responses to HTTP or FTP requests, perform the following steps:
To enable buffering of responses for HTTP or FTP requests that are pending a response from the filtering
Step 1
server, enter the following command:
hostname(config)# url-block block block-buffer-limit
Replace block-buffer-limit with the maximum number of blocks that will be buffered.
Note
To configure the maximum memory available for buffering pending URLs (and for buffering long URLs
Step 2
with Websense), enter the following command:
hostname(config)# url-block url-mempool memory-pool-size
Replace memory-pool-size with a value from 2 to 10240 for a maximum memory allocation of 2 KB to
10 MB.
Caching Server Addresses
After a user accesses a site, the filtering server can allow the FWSM to cache the server address for a
certain amount of time, as long as every site hosted at the address is in a category that is permitted at all
times. Then, when the user accesses the server again, or if another user accesses the server, the FWSM
does not need to consult the filtering server again.
Requests for cached IP addresses are not passed to the filtering server and are not logged. As a result,
Note
this activity does not appear in any reports. You can accumulate Websense run logs before using the
url-cache command.
Use the url-cache command if needed to improve throughput, as follows:
hostname(config)# url-cache {dst | src_dst} size
Replace size with a value for the cache size within the range 1 to 128 (KB).
Use the dst keyword to cache entries based on the URL destination address. Select this mode if all users
share the same URL filtering policy on the Websense server.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
18-6
Buffering URLs longer than 1159 bytes is only supported for the Websense filtering server.
Chapter 18
Applying Filtering Services
OL-20748-01