Solved: url-cache doesn't work in ASA with Websense

hxmengmetro · ‎10-21-2010

Hi All,

I'm trying to use url-cache in ASA to make fewer requests to Websense. I configured as "url-cache src-dst 128" since different user has different policy. But when I show the url-cache statistics like below, the hit is always 0 and in use is 0 too. I used my browser to browse same website (clear the browser cache every time). Whatever the website is blocked or not, the cache statistics doesn't have any hit.

Our ASA version is 8.0(3). Is this a bug? Thanks.

Lou

Maykol Rojas · ‎10-21-2010

Hello Hailu,

This is Mike, the feature of URL caching is based on the url-server support. If you are not seeing any hitcounts over there it means that there may be an issue regarding to the server. Now, the documentation states that Websense does support web caching, but it does not on the newest versions. That is something that can be clarified by your Websense support.

Now, I wouldnt recommend you to do caching, nowdays there are servers on the outside world that are hosting several websites like facebook and some other pages and you may be blocking pages that you dont want, why, here is the deal:

You try to open facebook.com which it is a blocked page on your company and it opens with ip 11.11.11.11

Later on you try to open cnn.com which is an allowed site, but you realize that it opens with 11.11.11.11, and because you have that IP address cache it will be blocked by websense and the ASA.

There is a popular server that has like hotmail and some other pages, I have this same issue a couple of months ago, I dont remember the name of the company.

But yeah, long story short (too late now ) Websense no longer support caching...

Hope it helps

Mike

View solution in original post

Maykol Rojas · ‎10-21-2010

Hello Hailu,

This is Mike, the feature of URL caching is based on the url-server support. If you are not seeing any hitcounts over there it means that there may be an issue regarding to the server. Now, the documentation states that Websense does support web caching, but it does not on the newest versions. That is something that can be clarified by your Websense support.

Now, I wouldnt recommend you to do caching, nowdays there are servers on the outside world that are hosting several websites like facebook and some other pages and you may be blocking pages that you dont want, why, here is the deal:

You try to open facebook.com which it is a blocked page on your company and it opens with ip 11.11.11.11

Later on you try to open cnn.com which is an allowed site, but you realize that it opens with 11.11.11.11, and because you have that IP address cache it will be blocked by websense and the ASA.

There is a popular server that has like hotmail and some other pages, I have this same issue a couple of months ago, I dont remember the name of the company.

But yeah, long story short (too late now ) Websense no longer support caching...

Hope it helps

Mike

hxmengmetro · ‎10-22-2010

Thanks a lot Mike. You are right. The websense support said same thing. By the way, do you know the "Request dropped" in url-server statistics? What does that mean?

As I understand, it means the url lookup request sent from ASA to websense got dropped since no response or time out from websense server? Is this correct? But how about the other counter "Server Timeouts"? Is there any relation between these two counters? It seems "server timeout" doesn't have to cause the dropped request from what I'm seeing.

Thanks a lot.

Lou