Advanced URL Filtering
1.Buffer The Web Server Responses
When a user issues a request to connect to a content server, the security appliance sends the request to the content server and to the filtering server at the same time. If the filtering server does not respond before the content server, the server response is dropped. This delays the web server response from the point of view of the web client because the client must reissue the request.
If you enable the HTTP response buffer, replies from web content servers are buffered and the responses are forwarded to the client that makes the request if the filtering server allows the connection. This prevents the delay that can otherwise occur.
In order to buffer responses to HTTP requests, complete these steps:
In order to enable buffering of responses for HTTP requests that are pending a response from the
filtering server, issue this command:
hostname(config)#url−block block block−buffer−limit
Replace block−buffer−limit with the maximum number of blocks to be buffered.
1. In order to configure the maximum memory available to buffer pending URLs, and to buffer long URLs with Websense, issue this command:
hostname(config)#url−block url−mempool memory−pool−size
Replace memory−pool−size with a value from 2 to 10240 for a maximum memory allocation of 2 KB to 10 MB.
2.Cache Server Addresses
After a user accesses a site, the filtering server can allow the security appliance to cache the server address for a certain amount of time, as long as every site hosted at the address is in a category that is permitted at all times. Then, when the user accesses the server again, or if another user accesses the server, the security appliance does not need to consult the filtering server again.
Issue the url−cache command if needed to improve throughput:
hostname(config)#url−cache dst | src_dst size
Replace size with a value for the cache size within the range 1 to 128 (KB).
Use the dst keyword in order to cache entries based on the URL destination address. Select this mode if all users share the same URL filtering policy on the Websense server.
Use the src_dst keyword in order to cache entries based on both the source address that initiates the URL request as well as the URL destination address. Select this mode if users do not share the same URL filtering policy on the Websense server.
3.Enable Filtering of Long URLs
By default, the security appliance considers an HTTP URL to be a long URL if it is greater than 1159 characters. You can increase the maximum length allowed for a single URL with this command:
hostname(config)#url−block url−size long−url−size
Replace long−url−size with the maximum size in KB for each long URL to be buffered.
For example, these commands configure the security appliance for advanced URL filtering:
hostname(config)#url−block block 10
hostname(config)#url−block url−mempool 2
hostname(config)#url−cache dst 100
hostname(config)#url−block url−size 2
No comments:
Post a Comment