I have a PIX 515 running OS 6.1.1. It is setup to use a websense server on the internal lan for URL filtering. Whenever a user attempts to access a very long URL such as those created by mapquest and travelocity (and many other site) the site times out. When the user clicks refresh the site immediately comes up properly. This happens for every long URL of around 1500 characters.
According to BUG CSCdt17577 & CSCdu39312 this is a known issue. The bug report says that it is first fixed in 6.1.1 which is what I am running. It says that there is a workaround to "Introduce the new keyword "long-url" which let bypass the
url filtering if the URL is too long."
I can't find any information about how to use this "long-url" feature to rid myself of this problem. Does anyone else use websense and have this problem? Does anyone know how to use this "long-url" keyword? I put in several exception lines as they suggested, but users seem to come up with new sites every day so I would like to have a more general solution.
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...