Cisco ASA 5505 User Manual

39-12

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 39 Configuring Filtering Services

Filtering URLs and FTP Requests with an External Server

Enabling HTTP Filtering

You must identify and enable the URL filtering server before enabling HTTP filtering. When the filtering
server approves an HTTP connection request, the ASA allows the reply from the web server to reach the
originating client. If the filtering server denies the request, the ASA redirects you to a block page,
indicating that access was denied.

To enable HTTP filtering, enter the following command:

Enabling Filtering of Long HTTP URLs

By default, the ASA considers an HTTP URL to be a long URL if it is greater than 1159 characters. You
can increase the maximum length allowed.

To configure the maximum size of a single URL, enter the following command:

Command

Purpose

filter url

[http | port[-port] local_ip

local_mask foreign_ip foreign_mask]

[allow] [proxy-block]

Example:

hostname# filter url http 80 allow

proxy-block

Replaces port[-port] with one or more port numbers if a different port than
the default port for HTTP (80) is used.

Replaces local_ip and local_mask with the IP address and subnet mask of
a user or subnetwork making requests.

Replaces foreign_ip and foreign_mask with the IP address and subnet mask
of a server or subnetwork responding to requests.

The allow option causes the ASA to forward HTTP traffic without filtering
when the primary filtering server is unavailable. Use the proxy-block
command to drop all requests to proxy servers.

Command

Purpose

url-block url-size

long-url-size

Example:

hostname# url-block url-size 3

Replaces the long-url-size with the maximum size in KB for each long
URL being buffered. For Websense servers, this is a value from 2 to 4 for
a maximum URL size from 2 KB to 4 KB; for Secure Computing
SmartFilter servers, this is a value between 2 and 3 for a maximum URL
size from 2 KB to 3 KB. The default value is 2.