http uri inspect help

Unanswered Question
Sep 4th, 2007
User Badges:

I am trying to block access to urls that include a certain file name as part of an exploit. Here is a sample URL:

What is usually common in the exploits I am looking to block is the Here is what I have so far, but the regex, even though it tests good so far in ASDM does not fire.

regex "udp"

class-map inspection_default

match default-inspection-traffic

class-map outside-class

match port tcp eq www



policy-map type inspect dns migrated_dns_map_1


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns migrated_dns_map_1

inspect esmtp

inspect ftp strict

policy-map type inspect http http_inspect


protocol-violation action drop-connection log

match request uri regex

drop-connection log

policy-map outside-policy

class outside-class

inspect http http_inspect


service-policy global_policy global

service-policy outside-policy interface outside

fw1# show service-policy

Global policy:

Service-policy: global_policy

Class-map: inspection_default

Inspect: dns migrated_dns_map_1, packet 122579, drop 37, reset-drop 0

Inspect: esmtp _default_esmtp_map, packet 65958, drop 0, reset-drop 0

Inspect: ftp strict, packet 31696, drop 50, reset-drop 43

Interface outside:

Service-policy: outside-policy

Class-map: outside-class

Inspect: http http_inspect, packet 716, drop 0, reset-drop 0

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Mon, 09/10/2007 - 11:27
User Badges:

HTTP Inspection and URL Inspection are completely independent services. Enhanced HTTP inspection is configured via an 'http-map', which is then applied to the 'inspect htttp' statement.Both URL Filtering (via Websense and N2H2), and Java/ActiveX filtering are independant of enabling/disabling 'inspect http'.

Check this bug details: CSCsd80188

try this configuration guide for HTTP inspection.


This Discussion