11-25-2010 02:13 AM - edited 03-11-2019 12:14 PM
I have enabled default http inspection in a ASA Firewall
inspect http
Is it doing anything? or does it need an inspection map?
It inspects packets but doesn't drop anything
Result of the command: "sh service-poli global inspect http"
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: http, packet 729530, drop 0, reset-drop 0
I have tested with very large URL and strange characters or telnet to port 80 ... But the drop count is 0
Any help to see one drop?
Thanks
11-25-2010 06:29 AM
Hi,
The default HTTP inspection protects against specific attacks or threats against HTTP traffic.
If you would like to customize the inspection for additional control you would have to create a Layer 7 Policy Map for HTTP.
Federico.
11-26-2010 12:59 AM
OK, but how can I test it is working?
I can't see any drop yet, with sh service-policy inspect http
It seems to do nothing
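One way to check whether the inspection is actually doing anything is to snapshot the counters from "show service-policy inspect http" before and after a test and compare them. This is an added example, not part of the thread; the two output samples are constructed to mirror the output quoted above (the second one assumes a named inspect map is in use), so the parser's field layout is an assumption about the ASA's format.

```python
import re

# Constructed sample output, modelled on the thread's "sh service-policy" result
# (not captured from a real device).
SAMPLE_BEFORE = """\
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: http, packet 729530, drop 0, reset-drop 0
"""

# Constructed second snapshot, assuming an inspect map named HTTP_Secure is applied.
SAMPLE_AFTER = """\
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: http HTTP_Secure, packet 731042, drop 17, reset-drop 3
"""

# "Inspect: <protocol> [<inspect-map>], packet N, drop N, reset-drop N"
INSPECT_RE = re.compile(
    r"Inspect:\s+(?P<proto>[^\s,]+)(?:\s+(?P<map>[^\s,]+))?,\s+packet\s+(?P<packet>\d+),"
    r"\s+drop\s+(?P<drop>\d+),\s+reset-drop\s+(?P<reset>\d+)"
)


def parse_inspect_counters(output):
    """Map (class-map, protocol) -> counters for every Inspect line in the output."""
    counters, class_map = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Class-map:"):
            class_map = line.split(":", 1)[1].strip()
            continue
        m = INSPECT_RE.search(line)
        if m and class_map:
            counters[(class_map, m["proto"])] = {
                "map": m["map"],  # None when the default inspection is in use
                "packet": int(m["packet"]),
                "drop": int(m["drop"]),
                "reset_drop": int(m["reset"]),
            }
    return counters


def drop_deltas(before, after):
    """Return only the inspections whose drop or reset-drop counters increased."""
    deltas = {}
    for key, new in after.items():
        old = before.get(key, {"packet": 0, "drop": 0, "reset_drop": 0})
        d_drop, d_reset = new["drop"] - old["drop"], new["reset_drop"] - old["reset_drop"]
        if d_drop > 0 or d_reset > 0:
            deltas[key] = {"map": new["map"], "packet": new["packet"] - old["packet"],
                           "drop": d_drop, "reset_drop": d_reset}
    return deltas
```

Feed it the real command output from two points in time; an empty result from drop_deltas means the test traffic was passed without a single drop.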
12-03-2010 01:01 AM
OK, I have to enable an Inspect-map, then there are packet drops. Like this:
policy-map type inspect http HTTP_Secure
parameters
protocol-violation action drop-connection
policy-map global_policy
class inspection_default
inspect http HTTP_Secure
....
service-policy global_policy global
But now I have packet drops on websites that I need to allow. How can I allow some websites that don't pass the protocol-violation test?
Any help?
12-03-2010 05:09 AM
You can use regex to block traffic for only some URLs (or not block some URLs).
Please take a look:
https://supportforums.cisco.com/docs/DOC-1268
Federico.