37-33
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 37 Configuring Inspection of Basic Internet Protocols
HTTP Inspection
URI filtering: Not configured
Advanced inspections: Not configured
–
High
Protocol violation action: Drop connection and log
Drop connections for unsafe methods: Allow only GET and HEAD.
Drop connections for requests with non-ASCII headers: Enabled
URI filtering: Not configured
Advanced inspections: Not configured
–
URI Filtering—Opens the URI Filtering dialog box which lets you configure the settings for an
URI filter.
–
Default Level—Sets the security level back to the default.
• Details—Shows the Parameters and Inspections tabs to configure additional settings.
Modes
The following table shows the modes in which this feature is available:
Add/Edit HTTP Policy Map (Details)
The Add/Edit HTTP Policy Map (Details) dialog box is accessible as follows:
Configuration > Global Objects > Inspect Maps > HTTP > HTTP Inspect Map > Advanced View
The Add/Edit HTTP Policy Map pane lets you configure the security level and additional settings for
HTTP application inspection maps.
Fields
• Name—When adding an HTTP map, enter the name of the HTTP map. When editing an HTTP map,
the name of the previously configured HTTP map is shown.
• Description—Enter the description of the HTTP map, up to 200 characters in length.
• Security Level—Shows the security level and URI filtering settings to configure.
• Parameters—Tab that lets you configure the parameters for the HTTP inspect map.
–
Check for protocol violations—Checks for HTTP protocol violations.
Action—Drop Connection, Reset, Log.
Log—Enable or disable.
–
Spoof server string—Replaces the server HTTP header value with the specified string.
Spoof String—Enter a string to substitute for the server header field. Maximum is 82 characters.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—
To Next Page
Loading...
Need help?
General
