https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437260#M267784 <P>I'm not sure which reference you're citing, but in ASDM if you go to "Configuration &gt; Firewall &gt; Objects &gt; Inspect Maps &gt; HTTP" and click on "Add" you will see a dialog box with a slider which shows what each level consists of by default. You can further customize by choosing the Details, URI Filtering, etc.</P><P>(Very very few people actually use the built-in http inspection and instead use either a 3rd party solution like WebSense URL filtering or a Proxy server like WSA or BlueCoat or else use the ASA CSC module of NGFX CX module with AVC and WSE.)</P><P>See the following screenshot for what I wan talking about in my first paragraph:</P><P><IMG src="https://community.cisco.com/legacyfs/online/media/capture_5.jpg" class="migrated-markup-image" /></P> Mon, 07 Apr 2014 03:01:36 GMT Marvin Rhoads 2014-04-07T03:01:36Z https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437259#M267783 <P>Hi guys.</P><P>When configuring Inspect HTTP there is an option to use Default HTTP Inspection Map.</P><P>Its used here as an example on the documentation;</P><P><EM><SPAN style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;">From the Select HTTP Inspect Map window, check the radio button next to&nbsp;</SPAN><B style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;">Use the Default HTTP inspection map</B><SPAN style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;">. The default HTTP inspection is used in this example. Then, click&nbsp;</SPAN><B style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;">OK</B><SPAN style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;">.</SPAN></EM></P><P>However I cannot actually see anywhere what these Default settings are.</P><P>For example; it is possible to set varying security levels when configuring manually (low-medium-high) with differing options in each, but what are the security level and specific settings when choosing default?</P><P>I cannot find any reference to these.</P><P>If anyone can help that would be great.</P><P>Thanks.</P><P>Mike</P> Tue, 12 Mar 2019 04:02:21 GMT https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437259#M267783 mikedelafield 2019-03-12T04:02:21Z https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437260#M267784 <P>I'm not sure which reference you're citing, but in ASDM if you go to "Configuration &gt; Firewall &gt; Objects &gt; Inspect Maps &gt; HTTP" and click on "Add" you will see a dialog box with a slider which shows what each level consists of by default. You can further customize by choosing the Details, URI Filtering, etc.</P><P>(Very very few people actually use the built-in http inspection and instead use either a 3rd party solution like WebSense URL filtering or a Proxy server like WSA or BlueCoat or else use the ASA CSC module of NGFX CX module with AVC and WSE.)</P><P>See the following screenshot for what I wan talking about in my first paragraph:</P><P><IMG src="https://community.cisco.com/legacyfs/online/media/capture_5.jpg" class="migrated-markup-image" /></P> Mon, 07 Apr 2014 03:01:36 GMT https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437260#M267784 Marvin Rhoads 2014-04-07T03:01:36Z https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437261#M267785 <P>Sorry I think I confused things slightly.</P><P>&nbsp;</P><P>i realise an inspection map can be created. What I am referring to is that when you simply select "Use the default HTTP inspection map" - what configuration does it actually use here?</P><P>I cannot see any default map listed or what it's default settings are?</P><P>Thanks again.</P> Mon, 07 Apr 2014 10:16:34 GMT https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437261#M267785 mikedelafield 2014-04-07T10:16:34Z https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437262#M267786 <P>To enable HTTP inspection you have to specify/choose an inspection map. This is needed because in order to inspect something, it needs to know what to inspect. From what I understand, using default HTTP inspection map means that you are verifying all HTTP packets that use port 80 to conform with RFC 2616. Keep in mind that it is only verifying and won't do anything to that traffic unless you specify a policy map.</P><P>HTH,</P> Mon, 07 Apr 2014 13:05:32 GMT https://community.cisco.com/t5/network-security/default-http-inspection-map/m-p/2437262#M267786 Rudy Sanjoko 2014-04-07T13:05:32Z