Cisco Systems ASA 5585-X Network Router User Manual


  Open as PDF
of 2086
 
47-34
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 47 Configuring Inspection of Basic Internet Protocols
HTTP Inspection
Configuration > Global Objects > Inspect Maps > HTTP > HTTP Inspect Map > Advanced View
The Add/Edit HTTP Policy Map pane lets you configure the security level and additional settings for
HTTP application inspection maps.
Fields
Name—When adding an HTTP map, enter the name of the HTTP map. When editing an HTTP map,
the name of the previously configured HTTP map is shown.
Description—Enter the description of the HTTP map, up to 200 characters in length.
Security Level—Shows the security level and URI filtering settings to configure.
Parameters—Tab that lets you configure the parameters for the HTTP inspect map.
Check for protocol violations—Checks for HTTP protocol violations.
Action—Drop Connection, Reset, Log.
Log—Enable or disable.
Spoof server string—Replaces the server HTTP header value with the specified string.
Spoof String—Enter a string to substitute for the server header field. Maximum is 82 characters.
Body Match Maximum—The maximum number of characters in the body of an HTTP message
that should be searched in a body match. Default is 200 bytes. A large number will have a
significant impact on performance.
Inspections—Tab that shows you the HTTP inspection configuration and lets you add or edit.
Match Type—Shows the match type, which can be a positive or negative match.
Criterion—Shows the criterion of the HTTP inspection.
Value—Shows the value to match in the HTTP inspection.
Action—Shows the action if the match condition is met.
Log—Shows the log state.
Add—Opens the Add HTTP Inspect dialog box to add an HTTP inspection.
Edit—Opens the Edit HTTP Inspect dialog box to edit an HTTP inspection.
Delete—Deletes an HTTP inspection.
Move Up—Moves an inspection up in the list.
Move Down—Moves an inspection down in the list.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••
 previous next