Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
The CSC-SSM with the URL filter option enabled on a PIX/ASA firewall blocks most Internet traffic
This issue is due to the presence of Cisco bug ID CSCsh50078
The Content Security and Control Security Services Module (CSC-SSM) with the URL filter option enabled can cause Hypertext Transfer Protocol (HTTP) traffic to immediately fail with the pagecannot be found error message on the host.
Some sites, such as www.cnn.com, access most of the page with an X in place of each image. Additional links from this page return the page cannot be displayed error message.
When the CSC module has the URL filter option enabled and a third party intermediate device chunk encodes the URL filter request, the URL filter service fails.
This packet sequence appears in the trace on the ASA:
The web client sends a Get request to the CSC.
The CSC sends a URL rating request to cscssme60.url.trendmicro.com.
The Trend Rating Server returns the rating with a 404 status code.
The CSC closes the client request with a finish (FIN) without any content.
Disable the URL filter option as a workaround to this issue.
In order to completely resolve this issue, upgrade the CSC to version 6.1(1569.2) or later. This version contains the official fix for the URL filter issue and many other Simple Mail Transfer Protocol (SMTP) and HTTP issues.