CSC-SSM File Blocking Scenario

Unanswered Question
Dec 9th, 2009


Got a scenario where, when I divert HTTP traffic to the CSC-SSM, an Invalid URL error is encountered. Attached is the network diagram. Users from the branch network get their Internet connection via the Squid proxy of the main branch. The main branch is connected to the branch network via VPN. What we want to accomplish is to block audio files using the CSC-SSM. Audio/Video File was already selected under File Blocking (Trend Micro InterScan), but mp3 files can still be downloaded. Upon checking the config, I noticed that SMTP was the only traffic diverted to the CSC-SSM, so I added HTTP traffic. Below is the config for reference.

access-list outside_mpc_in extended permit tcp any any eq smtp
access-list outside_mpc_in extended permit tcp any any eq http
class-map SMTP
 match access-list outside_mpc_in
class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
policy-map outside-policy
 class SMTP
  csc fail-open

service-policy global_policy global
service-policy outside-policy interface outside

But upon doing this, all HTTP traffic was blocked and an Invalid URL error was encountered. If the access-list for HTTP traffic is removed, then all Internet connections are restored, but audio files are not blocked. So it seems that when HTTP traffic is diverted to the CSC-SSM, some packet modification takes place that prevents the proxy from seeing HTTP traffic. Am I missing something in the configuration?

Here is the error message from the proxy.

The following error was encountered:

·        Invalid URL

Some aspect of the requested URL is incorrect. Possible problems:

·        Missing or incorrect access protocol (should be http:// or similar)
·        Missing hostname
·        Illegal double-escape in the URL-Path
·        Illegal character in hostname; underscores are not allowed
resoares Thu, 12/10/2009 - 04:31

How does the Internet traffic go out from the CSC module? Will the CSC-SSM module use a Squid proxy to reach the Internet, or does it have a direct connection?

I'm asking you this because there are some proxy settings that can be configured depending on your network topology.


oyd110380 Thu, 12/10/2009 - 23:36


Thanks for the reply. CSC-SSM internet traffic goes through the squid proxy.

resoares Fri, 12/11/2009 - 02:46

Hi, thanks for your update, so configure the CSC to divert the traffic to the Squid.


