MPF question

Unanswered Question
Jun 24th, 2010


ASA 5510 with no IPS/CSC modules.

Can I use the MPF to prevent files with extension .torrent from being downloaded?

Can you specify this using HTTP inspection or regex?

Thank you,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Thu, 06/24/2010 - 14:49

Exactly, I saw that document, but I don't see how to tell the ASA what to do when attemting to download a .torrent file.

I know that can be done with IPS, but again that is not the case.


charradke Mon, 08/09/2010 - 16:05

Here you go bud.  I tested this with .pdf files and it worked.  I'm not brave enough to go to a torrent site to test this.  If you're interested, here is my understanding of why it works:  GET /en/US/docs/security/asa/asa83/command/reference/cmdref.pdf HTTP/1.1

"/en/US/docs/security/asa/asa83/command/reference/cmdref.pdf" is the URI

regex TORRENT ".*\.([Tt][Oo][Rr][Rr][Ee][Nn][Tt])"

class-map type inspect http match-any TORRENT
match request uri regex TORRENT

policy-map type inspect http TORRENT
  protocol-violation action drop-connection
match request uri regex TORRENT
  drop-connection log

policy-map global_policy
class inspection_default
  inspect http TORRENT

A more elaborate configuration can be found here:


This Discussion