topic ASA blocking long URL access in Network Security

ASA blocking long URL access

paulnigel — Fri, 21 Feb 2020 09:13:22 GMT

Hi Forum,

I can't seem to find an answer for my ASA blocking long URL access. below is the only http filtering configurations i can find on my firewall. could it be the default settings? How do I turn it off, Is there a better way?

I am using ASA5500.

Thanks much,

paul

http-map inbound_http

content-length min 100 max 2000 action allow log

content-type-verification match-req-rsp action allow log

max-header-length request 100 action allow log

max-uri-length 100 action allow log

Re: ASA blocking long URL access

Andrew von Nagy — Mon, 09 Oct 2006 03:41:19 GMT

Do you have any filter http commands and url-server commands configured? If so, there is an option to truncate long URLs.

Also, bugs appear to exist in the http inspection engine in releases after 7.1(2). Try disabling the http inspection and see if the problem disappears.

Andrew

Re: ASA blocking long URL access

paulnigel — Mon, 09 Oct 2006 04:04:04 GMT

Hi Andrew,

Thanks much for your help. when I turned off the http inspection, the error is gone. I do not have any filter http commands and url-server commands configured.

however, my firewall version is 7.0(4), is there a bug for this version?

thanks much for your help,

paul

========================================

sh ver

Cisco Adaptive Security Appliance Software Version 7.0(4)

Device Manager Version 5.0(4)

Compiled on Thu 13-Oct-05 21:43 by builders

System image file is "disk0:/asa704-k8.bin"

Config file at boot was "startup-config"

pixfirewall up 76 days 18 hours

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 64MB

BIOS Flash AT49LW080: @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 0015.c695.ab9a, irq 9

1: Ext: Ethernet0/1 : address is 0015.c695.ab9b, irq 9

2: Ext: Ethernet0/2 : address is 0015.c695.ab9c, irq 9

3: Ext: Ethernet0/3 : address is 0015.c695.ab9d, irq 9

4: Ext: Management0/0 : address is 0015.c695.ab99, irq 11

5: Int: Not licensed : irq 11

6: Int: Not licensed : irq 5

<--- More --->

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 10

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : 150

This platform has an ASA 5510 Security Plus license.

Serial Number: xxx

Running Activation Key: xxx

Configuration register is 0x1

Configuration last modified by enable_15 at 12:58:54.429 Mal Mon Oct 9 2006

pixfirewall#