web page coming out blank

Unanswered Question
Apr 20th, 2007
User Badges:
  • Silver, 250 points or more

we have few users that are getting blank web page (i.e. mapquest for an example). We have the following config for url filtering:


url-server (inside) vendor websense host 10.1.16.5 timeout 30 protocol TCP version 1 connections 5

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

My guess is that the problem might be with websense but don't know what to look for.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Tshi M Fri, 04/20/2007 - 11:10
User Badges:
  • Silver, 250 points or more

I am using an ASA 5520 and using a policy-map:

policy-map type inspect dns DNS

parameters

message-length maximum 1024


I guess I will try to increase this number to 1500 and see if it makes a difference.

Tshi M Fri, 04/20/2007 - 11:15
User Badges:
  • Silver, 250 points or more

what is strange though is that i have a pix 506 with fixup protocol dns maximum-length 512 but I am not having the same problem. This was what let to believe it could be websense.

Tshi M Fri, 04/20/2007 - 13:05
User Badges:
  • Silver, 250 points or more

I checked the stats and see some URLs being blocked. I guess I will have to contact Wedsense tech support.


Global Statistics:

--------------------

URLs total/allowed/denied 16644680/16570714/73966

URLs allowed by cache/server 0/16570714

URLs denied by cache/server 0/73966

HTTPSs total/allowed/denied 0/0/0

HTTPSs allowed by cache/server 0/0

HTTPSs denied by cache/server 0/0

FTPs total/allowed/denied 0/0/0

FTPs allowed by cache/server 0/0

FTPs denied by cache/server 0/0

Requests dropped 0

Server timeouts/retries 0/64

Processed rate average 60s/300s 6/9 requests/second

Denied rate average 60s/300s 0/0 requests/second

Dropped rate average 60s/300s 0/0 requests/second


Server Statistics:

--------------------

10.1.16.5 UP

Vendor websense

Port 15868

Requests total/allowed/denied 16644680/16570714/73966

Server timeouts/retries 0/64

Responses received 16644680

Response time average 60s/300s 0/0


URL Packets Sent and Received Stats:

------------------------------------

Message Sent Received

STATUS_REQUEST 468550 468546

LOOKUP_REQUEST 16649108 16649004

LOG_REQUEST 0 NA


Errors:

-------

RFC noncompliant GET method 11

URL buffer update failure 0

JORGE RODRIGUEZ Fri, 04/20/2007 - 13:57
User Badges:
  • Green, 3000 points or more

Then it is clear the websence seems to be the issue .. let us know how it works out with tect support..


Tshi M Wed, 04/25/2007 - 12:02
User Badges:
  • Silver, 250 points or more

I haven't had a chance to speak to websense but here what I did and somewhat fixed the problem.

1. I removed the lines below

url-server (inside) vendor websense host 10.1.16.5 timeout 30 protocol TCP version 1 connections 5

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow


1. and use those lines instead

url-server (inside) vendor websense host 10.0.3.29 timeout 30 protocol TCP version 4 connections 15

url-cache src-dst 100

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

Actions

This Discussion