Chapter 37
Configuring Inspection of Basic Internet Protocols
•
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Add/Edit HTTP Policy Map (Details)
The Add/Edit HTTP Policy Map (Details) dialog box is accessible as follows:
Configuration > Global Objects > Inspect Maps > HTTP > HTTP Inspect Map > Advanced View
The Add/Edit HTTP Policy Map pane lets you configure the security level and additional settings for
HTTP application inspection maps.
Fields
•
•
•
•
OL-20339-01
URI filtering: Not configured
Advanced inspections: Not configured
High
–
Protocol violation action: Drop connection and log
Drop connections for unsafe methods: Allow only GET and HEAD.
Drop connections for requests with non-ASCII headers: Enabled
URI filtering: Not configured
Advanced inspections: Not configured
URI Filtering—Opens the URI Filtering dialog box which lets you configure the settings for an
–
URI filter.
Default Level—Sets the security level back to the default.
–
Details—Shows the Parameters and Inspections tabs to configure additional settings.
Security Context
Transparent Single
•
•
Name—When adding an HTTP map, enter the name of the HTTP map. When editing an HTTP map,
the name of the previously configured HTTP map is shown.
Description—Enter the description of the HTTP map, up to 200 characters in length.
Security Level—Shows the security level and URI filtering settings to configure.
Parameters—Tab that lets you configure the parameters for the HTTP inspect map.
–
Check for protocol violations—Checks for HTTP protocol violations.
Action—Drop Connection, Reset, Log.
Log—Enable or disable.
Spoof server string—Replaces the server HTTP header value with the specified string.
–
Spoof String—Enter a string to substitute for the server header field. Maximum is 82 characters.
Multiple
Context
System
—
•
Cisco ASA 5500 Series Configuration Guide using ASDM
HTTP Inspection
37-33