Hello!
Is it possible to log URLs from HTTP requests on ISR with ZBPF without external URL filtering server?
I tried following configuration
!
parameter-map type inspect par-Inspect-HTTP
audit-trail on
parameter-map type regex par-URL
pattern .*
!
!
class-map type inspect match-all cm-HTTP
match protocol http
class-map type inspect http match-any cm-ihttp
match request uri regex par-URL
!
!
policy-map type inspect http pm-ihttp
class type inspect http cm-ihttp
log
allow
class class-default
policy-map type inspect pm-Out
class type inspect cm-HTTP
inspect par-Inspect-HTTP
service-policy http pm-ihttp
class class-default
pass
!
!
zone-pair security Int-to-Ext source Internal destination External
service-policy type inspect pm-Out
!
But in log file I got only messages about matching:
*Mar 2 10:00:41.588: %APPFW-4-HTTP_URI_REGEX_MATCHED: URI regex (.*) matched - session 172.16.0.2:60152 198.133.219.25:80 on zone-pair Int-to-Ext class cm-HTTP appl-cl
ass cm-ihttp
*Mar 2 10:00:41.608: %APPFW-4-HTTP_URI_REGEX_MATCHED: URI regex (.*) matched - session 172.16.0.2:56905 198.133.219.25:80 on zone-pair Int-to-Ext class cm-HTTP appl-cl
ass cm-ihttp
But I wish to see full URL in log. Is it possible? Thanks in advance.
-- Alexander