Pix, WebSense not blocking https

Unanswered Question
Apr 25th, 2008
User Badges:

I use WebSense 5.5 on windows 2000. I have a pix 515 running 6.3(3)

I am having trouble blocking https sites

The https protocol blocking is enabled on Websense.

I have this in my config:

url-server (inside) vendor websense host timeout 5 protocol TCP version 1

filter url http

filter url 443

It was recommended that I use "filter url https" instead of 443, but it automatically changes https to 443.

Any solutions?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
smahbub Fri, 05/02/2008 - 11:10
User Badges:
  • Silver, 250 points or more

In a PIX HTTPS protocol is disabled by default.check for the version of pix firewall as:

1)Websense Enterprise web filtering application is supported by PIX Firewall Version 5.3 or higher only.

2)PIX Firewall Version 6.3 or higher supports filtering of HTTPS and FTP sites when using the Websense filtering server.

More information about enabling HTTPS protocol blocking using websense refer:


Matt Lang Fri, 05/02/2008 - 11:48
User Badges:


Your configuration should work as you have it.

The command is as follows:

filter url [http | port[-port] local_ip local_mask foreign_ip foreign_mask] [allow] [proxy-block]

[longurl-truncate | longurl-deny] [cgi-truncate]

Have you checked the statistics by issuing "show url-server statistics"?

daniel.ketchum Mon, 05/05/2008 - 15:41
User Badges:


"show url-server statistics" returns a bad syntax response. "show url server statistics" returns "Ambiguous command. Please enter more characters."

What am I missing here?

daniel.ketchum Tue, 05/06/2008 - 07:39
User Badges:

Nice Matt, that worked. My stats look like the pix is not even seeing https requests:

URL Server Statistics:


Vendor websense

URLs total/allowed/denied 2611484/2578007/33477

HTTPSs total/allowed/denied 0/0/0

FTPs total/allowed/denied 0/0/0

URL Server Status:

------------------ UP

URL Packets Sent and Recieved Stats:


Message Sent Recieved

STATUS_REQUEST 80424 80353

LOOKUP_REQUEST 2658590 2657063



This Discussion