bwallander Fri, 07/24/2009 - 15:31
User Badges:

All ASA models should be able to accommodate for this using a specific enough regex string within an inspect class-map riding in an http inspect policy-map. You'd have to know what you are looking for to match with regex, whose config lines are limited to 100-something chars. For something more scalable and configurable, a full-fledged IPS would probably be preferred.

jim_berlow Mon, 08/03/2009 - 12:19
User Badges:
  • Bronze, 100 points or more

You might also take a look at the ACE Web Application Firewall (WAF). This product is specifically designed for protecting websites against attacks like this (and a number of other web specific attacks).


Jim

suschoud Mon, 08/03/2009 - 15:53
User Badges:
  • Gold, 750 points or more

Any ASA with IPS module in it can take care of all types of known attacks.


the signature definition database of ips gets updated every week/ 15 days.you can set it up to auto update and it'll fetch those definitions on it's own.



f/w with intrusion prevention system is the complete solution to go for.Alone,f/w is not effective enough when it comes to layer 7 inspection.



hTh

Sushil

TAC

Actions

This Discussion