Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
669
Views
5
Helpful
1
Replies

Url-cache not working on Pix 535

riocancontractor
Level 1
Level 1

‎07-19-2010 02:10 PM - edited ‎03-11-2019 11:13 AM

Running 7.22.

url-server (DMZ1) vendor websense host x.x.x.x timeout 10 protocol TCP version 4 connections 5

url-cache dst 128

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

url-block url-mempool 1500

url-block url-size 4

PIX535HOFWS# show url-server statistics

Global Statistics:

--------------------

URLs total/allowed/denied         22524/20050/2474

URLs allowed by cache/server      0/20050

URLs denied by cache/server       0/2474

HTTPSs total/allowed/denied       0/0/0

HTTPSs allowed by cache/server    0/0

HTTPSs denied by cache/server     0/0

FTPs total/allowed/denied         0/0/0

FTPs allowed by cache/server      0/0

FTPs denied by cache/server       0/0

Requests dropped                  0

Server timeouts/retries           0/0

Processed rate average 60s/300s   6/9 requests/second

Denied rate average 60s/300s      0/0 requests/second

Dropped rate average 60s/300s     0/0 requests/second

Server Statistics:

--------------------

x.x.x.x                       UP

  Vendor                          websense

  Port                            15868

  Requests total/allowed/denied   22524/20050/2474

  Server timeouts/retries         0/0

  Responses received              22524

  Response time average 60s/300s  0/0

URL Packets Sent and Received Stats:

------------------------------------

Message                 Sent    Received

STATUS_REQUEST          464     464

LOOKUP_REQUEST          22537   22537

LOG_REQUEST             0       NA

Errors:

-------

RFC noncompliant GET method     0

URL buffer update failure       0

URL Filter Cache Stats
----------------------
    Size :       128KB
Entries :        219
  In Use :         0
Lookups :     9182
    Hits :          0
Hit Rate :         0
URL  blocking is working properly, but Caching isn't.  Do I have to do anything on the websense server to enable this?  I didn't think so, but not sure why it's not working at all...
Labels:
0 Helpful
1 Reply 1

David White
Cisco Employee
Cisco Employee

‎07-24-2010 06:42 AM

What version of Websense are you using? 

I guess first, I need to explain how caching works.  When the PIX sends a request to Websense, in the permit/deny reply there is a field which tells the PIX whether it can cache that response.  Only if the field is set to true, and caching is enabled on the PIX, will it cache the replies.

However, in all newer versions of Websense/N2H2, they no longer permit the responses to be cached (meaning the field is set to false in all responses).  Therefore, even though the PIX can cache the response, it is not permitted to.

The reason for doing this is because many sites can change classification, or more importantly, sites are very large these days and different areas of sites can be classified to different categories.  With caching, the entire domain must be in the same category so the the action taken on the entire domain is the same.  This is because only the domain is cached with a permit/deny action, not the entire URL.

Hope that helps explain it.  If so, please ensure you mark the question as answered so we know it solved the problem.


Sincerely,


David.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card