Cisco Systems ASA 5545-X, ASA 5555-X, ASA 5580, ASA 5585-X, ASA Services Module, ASA 5505 Add/Edit HTTP Policy Map (Details)

11-34

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter11 Configuring Inspection of Basic Internet Protocols

HTTP Inspection

URI filtering: Not configured

Advanced inspections: Not configured

–

High

Protocol violation action: Drop connection and log

Drop connections for unsafe methods: Allow only GET and HEAD.

Drop connections for requests with non-ASCII headers: Enabled

URI filtering: Not configured

Advanced inspections: Not configured

–

URI Filtering—Opens the URI Filtering dialog box which lets you configure the settings for an

URI filter.

–

Default Level—Sets the security level back to the default.

•Details—Shows the Parameters and Inspections tabs to configure additional settings.

Add/Edit HTTP Policy Map (Details)

The Add/Edit HTTP Policy Map (Details) dialog box is accessible as follows:

Configuration> Global Objects > Inspect Maps > HTTP > HTTP Inspect Map > Advanced View

The Add/Edit HTTP Policy Map pane lets you configure the security level and additional settings for

HTTP application inspection maps.

Fields

•Name—When adding an HTTP map, enter the name of the HTTP map. When editing an HTTP map,

the name of the previously configured HTTP map is shown.

•Description—Enter the description of the HTTP map, up to 200 characters in length.

•Security Level—Shows the security level and URI filtering settings to configure.

•Parameters—Tab that lets you configure the parameters for the HTTP inspect map.

–

Check for protocol violations—Checks for HTTP protocol violations.

Action—Drop Connection, Reset, Log.

Log—Enable or disable.

–

Spoof server string—Replaces the server HTTP header value with the specified string.

Spoof String—Enter a string to substitute for the server header field. Maximum is 82 characters.

–

Body Match Maximum—The maximum number of characters in the body of an HTTP message

that should be searched in a body match. Default is 200 bytes. A large number will have a

significant impact on performance.

•Inspections—Tab that shows you the HTTP inspection configuration and lets you add or edit.

–

Match Type—Shows the match type, which can be a positive or negative match.

–

Criterion—Shows the criterion of the HTTP inspection.

–

Value—Shows the value to match in the HTTP inspection.

–

Action—Shows the action if the match condition is met.

–

Log—Shows the log state.

Cisco Systems Add/Edit HTTP Policy Map (Details)

Models: ASA 5545-X ASA 5555-X ASA 5580 ASA 5585-X ASA Services Module ASA 5505