Got a scenario where when a I divert Http Traffic to CSC-SSM, Invalid URL error
Is encountered.Attached is the network diagram. Users from branch network gets their
Internet connection via the squid proxy of the main branch. The main branch is connected to the branch network via VPN. What we want to accomplish is block audio file using CSC-SSM. Audio/Video File was already selected under
File Blocking(Trend Micro Interscan). But mp3 files can still be downloaded. Upon checking the config,
I noticed that SMTP was the only traffic diverted to the CSC-SSM. So I added
Http Traffic. Below is the config for reference.
access-list outside_mpc_in extended permit tcp any any eq smtp
access-list outside_mpc_in extended permit tcp any any eq http
match access-list outside_mpc_in
inspect dns maximum-length 512
inspect h323 h225
inspect h323 ras
service-policy global_policy global
service-policy outside-policy interface outside
But upon doing this, all http traffic was blocked. Invalid URL error
Was encountered. If the access-list for http traffic is removed, then
All internet connections are restored but audio file is not blocked.
So it seems that when Http traffic is diverted to CSC-SSM, some
Packet modification takes place that prevents the proxy from
Seing http traffic. Am I Missing something on the configuration?
Here is the error message from the proxy.
The Following Error was encountered
Some Aspect of the requested URL is incorrect. Posible problems:
·Missing or incorrect access protocol(should be http:// or similar)
·Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...