Support User Manuals

Cisco Systems ASA 5505 Webcam User Manual

Open as PDF

of 754

11-34

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter 11 Configuring Inspection of Basic Internet Protocols

HTTP Inspection

URI filtering: Not configured

Advanced inspections: Not configured

–

High

Protocol violation action: Drop connection and log

Drop connections for unsafe methods: Allow only GET and HEAD.

Drop connections for requests with non-ASCII headers: Enabled

URI filtering: Not configured

Advanced inspections: Not configured

–

URI Filtering—Opens the URI Filtering dialog box which lets you configure the settings for an

URI filter.

–

Default Level—Sets the security level back to the default.

• Details—Shows the Parameters and Inspections tabs to configure additional settings.

Add/Edit HTTP Policy Map (Details)

The Add/Edit HTTP Policy Map (Details) dialog box is accessible as follows:

Configuration > Global Objects > Inspect Maps > HTTP > HTTP Inspect Map > Advanced View

The Add/Edit HTTP Policy Map pane lets you configure the security level and additional settings for

HTTP application inspection maps.

Fields

• Name—When adding an HTTP map, enter the name of the HTTP map. When editing an HTTP map,

the name of the previously configured HTTP map is shown.

• Description—Enter the description of the HTTP map, up to 200 characters in length.

• Security Level—Shows the security level and URI filtering settings to configure.

• Parameters—Tab that lets you configure the parameters for the HTTP inspect map.

–

Check for protocol violations—Checks for HTTP protocol violations.

Action—Drop Connection, Reset, Log.

Log—Enable or disable.

–

Spoof server string—Replaces the server HTTP header value with the specified string.

Spoof String—Enter a string to substitute for the server header field. Maximum is 82 characters.

–

Body Match Maximum—The maximum number of characters in the body of an HTTP message

that should be searched in a body match. Default is 200 bytes. A large number will have a

significant impact on performance.

• Inspections—Tab that shows you the HTTP inspection configuration and lets you add or edit.

–

Match Type—Shows the match type, which can be a positive or negative match.

–

Criterion—Shows the criterion of the HTTP inspection.

–

Value—Shows the value to match in the HTTP inspection.

–

Action—Shows the action if the match condition is met.

–

Log—Shows the log state.

previous next