Unable to filter https traffic with router & websense
05-26-2011 04:54 AM - edited 03-11-2019 01:38 PM
I have a setup with a 2851 router & Websense URL filtering server where I need to forward the traffic to the Websense server for all the internet requests.
The http traffic is getting filtered properly, but the https traffic is not getting filtered.
The two commands I have given for http & https are as follows:
ip inspect name test http urlfilter
ip inspect name test https
Anybody who has done the same or faced the issue, please let me know.
05-26-2011 06:08 AM
Hey Cisco folks,
Is anybody there who can answer the same?
05-26-2011 10:49 AM
IOS firewall urlfilter supports only HTTP. HTTPS is not supported.
Thanks,
Brendan
05-26-2011 11:33 PM
I am using Websense along with a Cisco 2851 router. The http requests are forwarded to Websense & are allowed or denied according to the filter policies created.
But when I give the command "ip inspect name test https" it is not forwarding the https traffic.
If the command for https is taken by IOS, then it should forward the traffic to the Websense server, right?
But what is happening is that the https requests for websites are resolved by the router itself.
Is there any supporting document for the same that can be found from Cisco?
05-27-2011 12:20 AM
Hello Brendan,
Can you answer my query?
05-27-2011 05:44 AM
We generally don't document what is not supported, except in specific cases. The "ip inspect name test https" command does not specifically reference url filtering. All you are doing is enabling the inspection.
Thanks,
Brendan
05-27-2011 06:07 AM
We need to provide the details to the end customer regarding the same.
All Cisco documents explain http URL filtering only.
So how can we get any proof saying that https traffic is not inspected?
Does any advanced IOS version support the same?
What is the meaning of the command "ip inspect name test https"?
Is there any other workaround for forwarding the https traffic to the Websense appliance?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2011 06:18 AM
The only way I think you'll be able to filter HTTPS traffic is to configure the Websense server as an explicit proxy.
The issue is that the HTTPS stream is encrypted. Unless you terminate the HTTPS stream on a device (as an explicit proxy) it is not going to be able to inspect the traffic.
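An added example, not part of the thread or any poster's code: the Python below classifies the first bytes a client sends and returns what destination information a device in the path can read, which illustrates the reply above. The three byte strings are constructed samples and `visible_destination` is a hypothetical helper name; the one fact it relies on beyond the thread is that a client configured with an explicit proxy opens HTTPS sites by sending a cleartext `CONNECT host:port` request to that proxy.

```python
# Added example: constructed inputs, not captured traffic.
HTTP_REQ = b"GET /mail/inbox HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
CONNECT_REQ = (b"CONNECT www.example.com:443 HTTP/1.1\r\n"
               b"Host: www.example.com:443\r\n\r\n")
TLS_RECORD = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])


def visible_destination(first_bytes):
    """Return (kind, host, path) readable from a client's first bytes."""
    # A TLS handshake record starts with content type 0x16 and major
    # version 0x03. The HTTP request line and headers travel inside the
    # encrypted records that follow, so no URL can be read here. (This
    # example does not look inside the handshake itself.)
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return ("tls", None, None)
    try:
        head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return ("unknown", None, None)
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("unknown", None, None)
    method, target = parts[0], parts[1]
    # Explicit proxy: the client names the destination in cleartext before
    # any TLS bytes are sent, so the proxy can apply policy to the host.
    if method == "CONNECT":
        return ("proxy-connect", target, None)
    # Plain HTTP: host and path are both readable, which is what a
    # URL filter needs to look up the full URL.
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return ("http", headers.get("host"), target)


if __name__ == "__main__":
    for label, data in [("plain http", HTTP_REQ),
                        ("via explicit proxy", CONNECT_REQ),
                        ("direct https", TLS_RECORD)]:
        print(label, visible_destination(data))
```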
05-29-2011 03:28 AM
Hello Barry,
Using this setup, all the requests come to the router & the router forwards the traffic to the Websense URL filtering server.
You meant to say that:
1. All the requests should hit the Websense URL filter server directly before coming to the router.
2. And the router cannot forward https requests to the server, right?
It will be very helpful if you clarify the above points.
05-29-2011 05:07 AM
I am using the below commands for URL filtering that forward the internet traffic to the Websense server:
ip inspect name test http urlfilter
ip urlfilter max-resp-pak 500
ip urlfilter allow-mode on
ip urlfilter cache 1000
ip urlfilter urlf-server-log
ip urlfilter server vendor websense x.x.x.x
This forwards the http traffic to the Websense server at location: x.x.x.x
In this case, could you please help me with how I can achieve the same for https through an explicit proxy?
