05-26-2011 04:54 AM - edited 03-11-2019 01:38 PM
I am having a setup with a 2851 router & websense url filtering server where I need to forward the traffic to websense server for all the internet requests.
The http traffic is getting filtered properly, but the https traffic is not getting filtered.
The two commands I ahev given for http & http are as follows:
ip inspect name test http urlfilter
ip inspect name test https.
Anybody who has done the same or faced the issue, please let me know.
05-26-2011 06:08 AM
Hey cisco folks,
anybody is there who can answer the same..!
05-26-2011 10:49 AM
IOS firewall urlfilter supports only HTTP. HTTPS is not supported.
Thanks,
Brendan
05-26-2011 11:33 PM
I am using websense along with cisco 2851 router. The http requests are forwarded to websense & it is allowed or denied according to the filter policies created.
But when I am giving the command "ip inspect name test https" it is not forwarding the https traffic.
If the command for https is taking by the IOS commands, then it should forward the traffic to websense server. wright..?
Bu what is happening is that the https requesting websites are resolved by the router itself.
Any supporting document for the same which can be find from cisco.
05-27-2011 12:20 AM
Hello Brendan,
can u answer my query.?
05-27-2011 05:44 AM
We generally don't document what is not supported, except in specific cases. The "ip inspect name test https" command does not specifically reference url filtering. All you are doing is enabling the inspection.
Thanks,
Brendan
05-27-2011 06:07 AM
We need to provide the details to end customer regarding the same.
All cisco documents explains about http url filtering only.
So how we can get any proof saying that https traffic is not inspected.?
Any advanced IOS vesion supports the same?
whats the meaning of the command:"ip inspect name test https"?
Any other workaround for forwarding the https traffic to websense appliance?
05-27-2011 06:18 AM
The only way I think you'll be able to filter HTTPS traffic is to configure the Websense server as an explicit proxy.
The issue is that the HTTPS stream is encrypted. Unless you terminate the HTTPS stream on a device (as an explicit proxy) it is not going to be able to inspect the traffic.
05-29-2011 03:28 AM
Hello barry,
Using this setup, all the request is coming to the router & the router forwards the traffic to websense url filtering server.
You meant to say that:
1. All the requests should hit the websense url filter server directly before coming to router.
2. And the router cannot forward https requests to the server. wright?
It will be very helpful if you clarify the above points.
05-29-2011 05:07 AM
I am using the below commands for url fitering that forwards the internet traffic to websense server:
ip inspect name test http urlfilter
ip urlfilter max-resp-pak 500
ip urlfilter allow-mode on
ip urlfilter cache 1000
urlfilter urlf-server-log
ip urlfilter server vendor websense x.x.x.x.
This forwards the http traffic to the websense server at location: x.x.x.x
In this case, could you please help me, how can achieve the same for https through explicit proxy.?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide