ASA Default HTTP inspection

jmprats
Level 4

I have enabled default http inspection in a ASA Firewall

inspect http

Is it doing anything? or does it need an inspection map?

It inspects packets but doesn't drop anything

Result of the command: "sh service-poli global inspect http"

Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: http, packet 729530, drop 0, reset-drop 0

I have tested with very large URL and strange characters or telnet to port 80 ... But the drop count is 0

Any help to see one drop?

Thanks

4 Replies

Hi,

The default HTTP inspection protects against specific attacks or threats against HTTP traffic.

If you would like to customize the inspection for additional control you would have to create a Layer 7 Policy Map for HTTP.

Federico.

OK, but how can I test it is working?

I can't see any drop yet, with sh service-policy inspect http

It seems to do nothing

jmprats
Level 4

OK, I have to enable an Inspect-map, then there are packet drops. Like this:

policy-map type inspect http HTTP_Secure
 parameters
  protocol-violation action drop-connection

policy-map global_policy
 class inspection_default
  inspect http HTTP_Secure
  ....

service-policy global_policy global

But now I have packet drops on websites that I need to allow. How can I allow some websites that don't pass the protocol-violation test?

Any help?

You can use regex to block traffic for only some URLs (or not block some URLs).

Please take a look:

https://supportforums.cisco.com/docs/DOC-1268

Federico.
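As an added example (not from this thread or the linked document), one way to keep the strict HTTP_Secure map from the thread for everything else while exempting a few destinations that fail the protocol-violation check: match those destinations with a Layer 3/4 class placed before inspection_default and give them a lenient inspect map. The object-group name, ACL name and the 198.51.100.x addresses are constructed placeholders.

```cisco
! Added example, not from the thread. Names and addresses are placeholders.
! Destinations that trip protocol-violation but must stay reachable.
! This matches on destination IP, not the Host header, so an address shared
! by many sites exempts every site behind it.
object-group network ALLOWED_WEB
 network-object host 198.51.100.10
 network-object host 198.51.100.20

access-list HTTP_LENIENT_ACL extended permit tcp any object-group ALLOWED_WEB eq www

class-map HTTP_LENIENT
 match access-list HTTP_LENIENT_ACL

! Lenient map: still inspects, but only logs protocol violations.
policy-map type inspect http HTTP_Lenient
 parameters
  protocol-violation action log

! Strict map from the thread, with "log" added so each drop produces a syslog.
policy-map type inspect http HTTP_Secure
 parameters
  protocol-violation action drop-connection log

! Order matters: a flow is inspected by the first class whose inspect action
! it matches, so HTTP_LENIENT must come before inspection_default. On an
! existing global_policy, remove and re-add inspection_default to reorder.
policy-map global_policy
 class HTTP_LENIENT
  inspect http HTTP_Lenient
 class inspection_default
  inspect http HTTP_Secure

service-policy global_policy global
```

Afterwards, `show service-policy inspect http` lists drop counters per class, so the strict and lenient classes can be checked separately.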
