Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

http uri inspect help

I am trying to block access to urls that include a certain file name as part of an exploit. Here is a sample URL:

What is usually common in the exploits I am looking to block is the Here is what I have so far, but the regex, even though it tests good so far in ASDM does not fire.

regex "udp"

class-map inspection_default

match default-inspection-traffic

class-map outside-class

match port tcp eq www



policy-map type inspect dns migrated_dns_map_1


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns migrated_dns_map_1

inspect esmtp

inspect ftp strict

policy-map type inspect http http_inspect


protocol-violation action drop-connection log

match request uri regex

drop-connection log

policy-map outside-policy

class outside-class

inspect http http_inspect


service-policy global_policy global

service-policy outside-policy interface outside

fw1# show service-policy

Global policy:

Service-policy: global_policy

Class-map: inspection_default

Inspect: dns migrated_dns_map_1, packet 122579, drop 37, reset-drop 0

Inspect: esmtp _default_esmtp_map, packet 65958, drop 0, reset-drop 0

Inspect: ftp strict, packet 31696, drop 50, reset-drop 43

Interface outside:

Service-policy: outside-policy

Class-map: outside-class

Inspect: http http_inspect, packet 716, drop 0, reset-drop 0


Re: http uri inspect help

HTTP Inspection and URL Inspection are completely independent services. Enhanced HTTP inspection is configured via an 'http-map', which is then applied to the 'inspect htttp' statement.Both URL Filtering (via Websense and N2H2), and Java/ActiveX filtering are independant of enabling/disabling 'inspect http'.

Check this bug details: CSCsd80188

try this configuration guide for HTTP inspection.

CreatePlease to create content