ASA HTTP strict inspection -- what parameters?

ALAN HARKRADER
Level 4

I have the violation action set to log but there's no detail... neither the URL nor what's wrong with it. I looked at show asp drop (tcp issues) and show service-policy (just a counter of total protocol violations)... is there detail somewhere?

I can't even find a list of what constitutes a protocol violation... For instance, what's the limit for "excessive URL length"?

Thanks - Al

3 Replies

irisrios
Level 6

Make sure that the HTTP inspection policy is configured right to filter the traffic. Refer to the sample configuration at http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mpc.html#wp1061200

Oh, it's working... but I don't know what is considered an HTTP protocol violation.

Enhanced HTTP inspection verifies that HTTP messages conform to RFC 2616 (http://www.ietf.org/rfc/rfc2616.txt), use RFC-defined methods or supported extension methods, and comply with various other criteria. In many cases, you can configure these criteria and the system response when the criteria are not met, which are considered HTTP protocol violations.

The criteria that you can apply to HTTP messages include the following:

• Does not include any method on a configurable list.

• Specific transfer encoding method or application type.

• HTTP transaction adheres to RFC specification.

• Message body size is within configurable limits.

• Request and response message header size is within a configurable limit.

• URI length is within a configurable limit.

• The content-type in the message body matches the header.

• The content-type in the response message matches the accept-type field in the request message.

• The content-type in the message is included in a predefined internal list.

• Message meets HTTP RFC format criteria.

• Presence or absence of selected supported applications.

• Presence or absence of selected encoding types.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1431359

"debug appfw" enables the display of detailed information about application inspection. The "undebug all" command turns off all enabled debug commands.

HTH
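As an added example (not from the thread or from Cisco's documentation), here is an ASA 7.2-style HTTP inspection policy that makes the answer concrete: the "excessive URL length" limit is simply whatever you set with `match request uri length gt`, and giving each match its own `log` action produces a syslog that names the class that fired, which is the per-violation detail the original question was missing. The policy name `http-strict`, the class name `http-bad-methods` and the byte limits are assumed, illustrative values, not ASA defaults.

```cisco
! Added example, not from the thread: an ASA 7.2-style HTTP inspection
! policy that makes the "protocol violation" limits explicit and logs
! each match with its class name. The names and the byte values
! (1024, 2048, 8192) are illustrative choices, not ASA defaults.
!
! Make sure syslog is on, otherwise the per-match "log" actions go nowhere.
logging enable
logging buffered informational
!
! Example class: flag a method the site does not want to see at all.
class-map type inspect http match-all http-bad-methods
 match request method connect
!
policy-map type inspect http http-strict
 parameters
  ! How many body bytes inspection scans for body matches (example value).
  body-match-maximum 8192
  ! RFC 2616 conformance failures: log only, no drop, as in the OP's setup.
  protocol-violation action log
 ! This is the "excessive URL length" limit: it is whatever you set here.
 match request uri length gt 1024
  log
 ! Total request header size limit.
 match request header length gt 2048
  log
 ! Request body size limit.
 match request body length gt 8192
  log
 ! Response Content-Type does not match the request's Accept field.
 match req-resp content-type mismatch
  log
 ! The method class above, logged rather than dropped.
 class http-bad-methods
  log
!
! Attach the inspection policy to the default inspection class.
policy-map global_policy
 class inspection_default
  inspect http http-strict
!
service-policy global_policy global
!
! From exec mode, "debug appfw" (as the answer notes) shows inspection
! detail beyond the counters in "show service-policy"; "undebug all" stops it.
```

Because every action is `log`, nothing is dropped; once the syslogs show which class is firing on legitimate traffic, raise that one limit rather than loosening the whole policy, and only then consider changing an action to `drop-connection`.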
