
web page coming out blank

Tshi M
Level 5

We have a few users that are getting a blank web page (e.g. MapQuest). We have the following config for URL filtering:

url-server (inside) vendor websense host 10.1.16.5 timeout 30 protocol TCP version 1 connections 5

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

My guess is that the problem might be with Websense, but I don't know what to look for.


jmia
Level 7

It does seem that this is an issue with the Websense filtering policy. Have you checked Websense support for this issue?

JORGE RODRIGUEZ
Level 10

Hi, try increasing the fixup protocol dns length size in the PIX. The default is 512 bytes. It may resolve the issue.

show fixup protocol dns

fixup protocol dns maximum-length 1500

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#wp1067379

Jorge

Jorge Rodriguez

I am using an ASA 5520 and using a policy-map:

policy-map type inspect dns DNS

parameters

message-length maximum 1024

I guess I will try to increase this number to 1500 and see if it makes a difference.

What is strange, though, is that I have a PIX 506 with fixup protocol dns maximum-length 512 but I am not having the same problem. This was what led me to believe it could be Websense.

I checked the stats and see some URLs being blocked. I guess I will have to contact Websense tech support.

Global Statistics:
--------------------
URLs total/allowed/denied 16644680/16570714/73966
URLs allowed by cache/server 0/16570714
URLs denied by cache/server 0/73966
HTTPSs total/allowed/denied 0/0/0
HTTPSs allowed by cache/server 0/0
HTTPSs denied by cache/server 0/0
FTPs total/allowed/denied 0/0/0
FTPs allowed by cache/server 0/0
FTPs denied by cache/server 0/0
Requests dropped 0
Server timeouts/retries 0/64
Processed rate average 60s/300s 6/9 requests/second
Denied rate average 60s/300s 0/0 requests/second
Dropped rate average 60s/300s 0/0 requests/second

Server Statistics:
--------------------
10.1.16.5 UP
Vendor websense
Port 15868
Requests total/allowed/denied 16644680/16570714/73966
Server timeouts/retries 0/64
Responses received 16644680
Response time average 60s/300s 0/0

URL Packets Sent and Received Stats:
------------------------------------
Message Sent Received
STATUS_REQUEST 468550 468546
LOOKUP_REQUEST 16649108 16649004
LOG_REQUEST 0 NA

Errors:
-------
RFC noncompliant GET method 11
URL buffer update failure 0
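The counters in the statistics output above can be tallied with a short script. This is an added example, not part of the original thread; the function names and the choice of which counters to compare are assumptions made for illustration, and the sample input is a constructed subset of the posted output.

```python
import re

# Constructed sample: a subset of the counters posted in the thread.
SAMPLE = """\
URLs total/allowed/denied 16644680/16570714/73966
URLs denied by cache/server 0/73966
Requests dropped 0
Server timeouts/retries 0/64
Processed rate average 60s/300s 6/9 requests/second
STATUS_REQUEST 468550 468546
LOOKUP_REQUEST 16649108 16649004
LOG_REQUEST 0 NA
RFC noncompliant GET method 11
"""

# "NAME sent received" rows, "label a/b/c" rows, and "label n" rows.
MESSAGE = re.compile(r"^(?P<msg>[A-Z_]+)\s+(?P<sent>\d+)\s+(?P<recv>\d+|NA)$")
SLASHED = re.compile(r"^(?P<name>.+?)\s+(?P<vals>\d+(?:/\d+)+)$")
SINGLE = re.compile(r"^(?P<name>.+?)\s+(?P<val>\d+)$")

def parse_stats(text):
    """Return (counters, messages); lines that fit no pattern are skipped."""
    counters, messages = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := MESSAGE.match(line):
            recv = None if m["recv"] == "NA" else int(m["recv"])
            messages[m["msg"]] = (int(m["sent"]), recv)
        elif m := SLASHED.match(line):
            # setdefault keeps the first (global) value when a label repeats
            counters.setdefault(m["name"], tuple(map(int, m["vals"].split("/"))))
        elif m := SINGLE.match(line):
            counters.setdefault(m["name"], (int(m["val"]),))
    return counters, messages

def summarize(text):
    """Derive the figures worth comparing before and after a config change."""
    counters, messages = parse_stats(text)
    total, _allowed, denied = counters["URLs total/allowed/denied"]
    timeouts, retries = counters["Server timeouts/retries"]
    sent, recv = messages["LOOKUP_REQUEST"]
    return {
        "denied_pct": round(100 * denied / total, 2),
        "lookups_unanswered": sent - recv,  # sent minus received
        "timeouts": timeouts,
        "retries": retries,
        "dropped": counters["Requests dropped"][0],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the posted figures this gives 0.44% of URLs denied, a difference of 104 between lookup requests sent and received, and 64 retries with no timeouts or drops.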

Then it is clear that Websense seems to be the issue. Let us know how it works out with tech support.

Jorge Rodriguez

I haven't had a chance to speak to Websense, but here is what I did that somewhat fixed the problem.

1. I removed the lines below

url-server (inside) vendor websense host 10.1.16.5 timeout 30 protocol TCP version 1 connections 5

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

2. and used these lines instead

url-server (inside) vendor websense host 10.0.3.29 timeout 30 protocol TCP version 4 connections 15

url-cache src-dst 100

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
