HTTP request snarfing with ASA firewall?

Sep 1st, 2009

Hi,

I have a scenario I'm trying to debug, and I'm hoping that if I describe it, it will jump out at someone who is more knowledgeable than me.

Basically, I'm using WCCP on the ASA Firewall to redirect local requests to a squid box, which then passes them across to the data-center.

If my HTTP request uses the full hostname, it all works fine; if I use http://$ip_address, it also works fine.

However, if I use a short-hostname I seem to be falling foul of something which I believe is the ASA Firewall chewing up the requests. I *know* that the client machine can resolve the short-name and can resolve it correctly. I know this because I can telnet to port 80 on the web-server and the connection initiates fine.

However, when I send an HTTP request with a short "Host" header, it gets dropped before it reaches the local squid box. I know this because I'm tcpdumping on the squid box and it isn't getting there.

If I actually RDP into the data-center and issue an HTTP request with the same short hostname in the HTTP "Host" header, I can see it works fine, so it isn't a case of the web-server dropping it.

So basically my theory is that the ASA Firewall is looking into the HTTP request and trying to check that the HTTP Host header is OK, and somehow deciding that it is not in the short case.

Does the ASA Firewall have a feature where it looks at the Host header in an HTTP request and, if it is not resolvable, drops the packet? If so, what would the Cisco configuration look like? I don't have direct access to the ASA firewall myself, so it is quite hard to debug by proxy.

Thanks,
