Logging HTTP requests on ISR with ZBPF

kritskiy_monstr · ‎06-19-2009

Hello!

Is it possible to log URLs from HTTP requests on ISR with ZBPF without external URL filtering server?

I tried following configuration

!

parameter-map type inspect par-Inspect-HTTP

audit-trail on

parameter-map type regex par-URL

pattern .*

!

class-map type inspect match-all cm-HTTP

match protocol http

class-map type inspect http match-any cm-ihttp

match request uri regex par-URL

!

policy-map type inspect http pm-ihttp

class type inspect http cm-ihttp

log

allow

class class-default

policy-map type inspect pm-Out

class type inspect cm-HTTP

inspect par-Inspect-HTTP

service-policy http pm-ihttp

class class-default

pass

!

zone-pair security Int-to-Ext source Internal destination External

service-policy type inspect pm-Out

!

But in log file I got only messages about matching:

*Mar 2 10:00:41.588: %APPFW-4-HTTP_URI_REGEX_MATCHED: URI regex (.*) matched - session 172.16.0.2:60152 198.133.219.25:80 on zone-pair Int-to-Ext class cm-HTTP appl-cl

ass cm-ihttp

*Mar 2 10:00:41.608: %APPFW-4-HTTP_URI_REGEX_MATCHED: URI regex (.*) matched - session 172.16.0.2:56905 198.133.219.25:80 on zone-pair Int-to-Ext class cm-HTTP appl-cl

ass cm-ihttp

But I wish to see full URL in log. Is it possible? Thanks in advance.

-- Alexander

pradeepde · ‎06-25-2009

%APPFW-4-HTTP_URI_REGEX_MATCHED : URI regex ([chars]) matched -[chars]

Explanation The Universal Resource Indicator of an HTTP request has matched one of the configured regular expressions.

Recommended Action This message is informational only, but may indicate a security problem.