https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996265#M939757 <HTML><HEAD></HEAD><BODY><P>Enhanced HTTP inspection verifies that HTTP messages conform to RFC 2616 <A class="jive-link-custom" href="http://www.ietf.org/rfc/rfc2616.txt" target="_blank">http://www.ietf.org/rfc/rfc2616.txt</A>, use RFC-defined methods or supported extension methods, and comply with various other criteria. In many cases, you can configure these criteria and the system response when the criteria are not met which are considered as HTTP protocol violation.</P><P></P><P>The criteria that you can apply to HTTP messages include the following:</P><P></P><P>â&#128;¢Does not include any method on a configurable list.</P><P>â&#128;¢Specific transfer encoding method or application type.</P><P>â&#128;¢HTTP transaction adheres to RFC specification.</P><P>â&#128;¢Message body size is within configurable limits.</P><P>â&#128;¢Request and response message header size is within a configurable limit.</P><P>â&#128;¢URI length is within a configurable limit.</P><P>â&#128;¢The content-type in the message body matches the header.</P><P>â&#128;¢The content-type in the response message matches the accept-type field in the request message.</P><P>â&#128;¢The content-type in the message is included in a predefined internal list.</P><P>â&#128;¢Message meets HTTP RFC format criteria.</P><P>â&#128;¢Presence or absence of selected supported applications.</P><P>â&#128;¢Presence or absence of selected encoding types.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1431359" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1431359</A></P><P></P><P>"debug appfw" enables the display of detailed information about application inspection. "undebug all" commands turn off all enabled debug commands.</P><P></P><P>HTH</P></BODY></HTML> Sat, 12 Apr 2008 23:25:16 GMT pengfang 2008-04-12T23:25:16Z https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996262#M939753 <P>I have the violation action set to log but there's no detail... neither the URL nor what's wrong with it. I looked at show asp drop (tcp issues) and show service-policy (just a counter of total protocol violations)... is there detail somewhere?</P><P></P><P>I can't even find a list of what constitutes a protocol violation... For instance, what's the limit for "excessive URL length"?</P><P></P><P>Thanks - Al</P> Mon, 11 Mar 2019 12:27:18 GMT https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996262#M939753 ALAN HARKRADER 2019-03-11T12:27:18Z https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996263#M939754 <HTML><HEAD></HEAD><BODY><P>Make sure that HTTP inspection policy is configured right to filter the traffic. Refer the sample configuration ar <A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mpc.html#wp1061200" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mpc.html#wp1061200</A></P></BODY></HTML> Fri, 11 Apr 2008 15:51:31 GMT https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996263#M939754 irisrios 2008-04-11T15:51:31Z https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996264#M939756 <HTML><HEAD></HEAD><BODY><P>Oh, it's working... but I don't know what is considered an HTTP protocol violation.</P></BODY></HTML> Fri, 11 Apr 2008 19:55:42 GMT https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996264#M939756 ALAN HARKRADER 2008-04-11T19:55:42Z https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996265#M939757 <HTML><HEAD></HEAD><BODY><P>Enhanced HTTP inspection verifies that HTTP messages conform to RFC 2616 <A class="jive-link-custom" href="http://www.ietf.org/rfc/rfc2616.txt" target="_blank">http://www.ietf.org/rfc/rfc2616.txt</A>, use RFC-defined methods or supported extension methods, and comply with various other criteria. In many cases, you can configure these criteria and the system response when the criteria are not met which are considered as HTTP protocol violation.</P><P></P><P>The criteria that you can apply to HTTP messages include the following:</P><P></P><P>â&#128;¢Does not include any method on a configurable list.</P><P>â&#128;¢Specific transfer encoding method or application type.</P><P>â&#128;¢HTTP transaction adheres to RFC specification.</P><P>â&#128;¢Message body size is within configurable limits.</P><P>â&#128;¢Request and response message header size is within a configurable limit.</P><P>â&#128;¢URI length is within a configurable limit.</P><P>â&#128;¢The content-type in the message body matches the header.</P><P>â&#128;¢The content-type in the response message matches the accept-type field in the request message.</P><P>â&#128;¢The content-type in the message is included in a predefined internal list.</P><P>â&#128;¢Message meets HTTP RFC format criteria.</P><P>â&#128;¢Presence or absence of selected supported applications.</P><P>â&#128;¢Presence or absence of selected encoding types.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1431359" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1431359</A></P><P></P><P>"debug appfw" enables the display of detailed information about application inspection. "undebug all" commands turn off all enabled debug commands.</P><P></P><P>HTH</P></BODY></HTML> Sat, 12 Apr 2008 23:25:16 GMT https://community.cisco.com/t5/network-security/asa-http-strict-inspection-what-parameters/m-p/996265#M939757 pengfang 2008-04-12T23:25:16Z