Logging HTTP requests on ISR with ZBPF

Unanswered Question
Jun 19th, 2009

Hello!

Is it possible to log URLs from HTTP requests on ISR with ZBPF without external URL filtering server?

I tried following configuration

!

parameter-map type inspect par-Inspect-HTTP

audit-trail on

parameter-map type regex par-URL

pattern .*

!

!

class-map type inspect match-all cm-HTTP

match protocol http

class-map type inspect http match-any cm-ihttp

match request uri regex par-URL

!

!

policy-map type inspect http pm-ihttp

class type inspect http cm-ihttp

log

allow

class class-default

policy-map type inspect pm-Out

class type inspect cm-HTTP

inspect par-Inspect-HTTP

service-policy http pm-ihttp

class class-default

pass

!

!

zone-pair security Int-to-Ext source Internal destination External

service-policy type inspect pm-Out

!

But in log file I got only messages about matching:

*Mar 2 10:00:41.588: %APPFW-4-HTTP_URI_REGEX_MATCHED: URI regex (.*) matched - session 172.16.0.2:60152 198.133.219.25:80 on zone-pair Int-to-Ext class cm-HTTP appl-cl

ass cm-ihttp

*Mar 2 10:00:41.608: %APPFW-4-HTTP_URI_REGEX_MATCHED: URI regex (.*) matched - session 172.16.0.2:56905 198.133.219.25:80 on zone-pair Int-to-Ext class cm-HTTP appl-cl

ass cm-ihttp

But I wish to see full URL in log. Is it possible? Thanks in advance.

-- Alexander

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pradeepde Thu, 06/25/2009 - 05:23

%APPFW-4-HTTP_URI_REGEX_MATCHED : URI regex ([chars]) matched -[chars]

Explanation The Universal Resource Indicator of an HTTP request has matched one of the configured regular expressions.

Recommended Action This message is informational only, but may indicate a security problem.

Actions

This Discussion