When i learning Firepower Intrusion Policy, i create a IPS Rule like the picture, i want to block traffic from test-pc to http server when the uri contain "configure" keyword, but it not work properly. i didn't see the intrusion events.
Add metadata with service http. See whether it fires now.
When you test, add logging to the ACP rule and provide with the connection event screenshot (from the table view of events, multiple screenshots to cover all the fields) associated with the test you're performing.
I configure two intrusion rule:intrusion rule "http certsrv" and intrusion rule "http configure". Like the picture, but when i test it, the "http certsrv" is work properly, but the "http configure" didn't. use windows server 2008 as web server for test about "http certsrv", use Cisco IOS as web server for test "http configure".