11-19-2012 10:45 PM - edited 03-11-2019 05:25 PM
Hi,
I'm using cisoc-ASA-software version 8.4 and smartfilter. i'm getting "HTTP Error 403 - Forbidden" with below situation.
1) when smartfilter blocks the client url request and sent a block page to the asa box, asa box should forward this to client browser. but asa box sending
"HTTP Error 403 - Forbidden" error message to client browser.
reason may be, block page is exceeding the limit of 3072 bytes.
2) because of this reason, smartfilter is encoding the block page into gzip or deflate and sent to asa box. now the block page size is with in the limit.but in this case also cisco asa is sending it's own error message of , "HTTP Error 403 - Forbidden".
Please help me to configure the cisco -asa such way that it should forward the block page as it is from smartfilter.
Thanks
Sridhar
11-20-2012 07:17 PM
Truncating the URL might help. You may want to give this a try.
filter url longurl-truncatehttp://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/filter.html#wp1042559
Regards,
Felipe.
11-21-2012 02:05 AM
Thank you for the reply.
Above configuration i working fine, when CISCO ASA receives a long url. But my cases when ASA sending its own erro message when it receives a zgip or deflate encoded html page.
Smartfilter supports two modes.
1) in one mode, if smartfilter should block the incoming request then it will send back a block page url to the asa box.
in this case no problem.
2) second case it should send a block page or redirect page (not url) to asa box, if the page size is more than the limit, it will encode into gzip or deflate and then sent to ASA.
This case it ASA sending its own error message as follows
HTTP Error 403 - Forbidden
You do not have permission to access the document or program you requested.
Thanks
Sridhar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide