Managing Http Response Scanning - McAfee M-1250 - Network Security Platform Configuration Manual

McAfee® Network Security Platform 5.1
Figure 50: Re-assign Policy Dialog
10
11

Managing HTTP response scanning

The HTTP Response settings enable you to configure Network Security Platform to
inspect HTTP responses for exploits on a per-monitoring port and direction basis. The
Sensor will be able to scan plain HTML text responses (but not traffic containing zipped,
encrypted or MIME-encoded content)
Note the following:
•
•
•
•
Based on the needs of your organization, you may want to enable HTTP response
inspection for inbound traffic, outbound traffic, or both directions. Consider the examples
below.
For all the examples below, you must ensure that the following configuration is present
before you enable HTTP Response scanning:
Ctrl
Tip: You can use the or
respectively.
OK,
Click for re-assigning the policy.
Push the configuration changes to the Sensor for the changes to be effective. For
more information on updating Sensor configuration, see Updating the Configuration of
Sensor Configuration Guide
all Sensors,
HTTP response processing is disabled by default.
You can enable it in each direction on a port or an interface pair.
To minimize the potential performance impact on the Sensor, enable HTTP response
processing on a minimum number of ports and only in the required directions to
achieve your protection goals. For performance information, see
McAfee recommends that you enable HTTP response processing on the outbound
traffic. Consider enabling HTTP response on the inbound traffic
your internal Web Server is/could be compromised.
Shift
key to select individual or adjacent list entries
.
48
Managing IPS settings
Best Practices Guide
.
only
if you suspect that