Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 301

    Page 301 11-27 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection The Select HTTP Map dialog box lets you select or create a new HTTP map. An HTTP map lets you change the configuration values used for HTTP application inspection. The Select HTTP Map table provides a list of previously configured maps that you can select for application inspection. Fields Use the default HTTP inspection map—Specifies to use the default HTTP... 
     
11-27
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
The Select HTTP Map dialog box lets you select or create a new HTTP map. An HTTP map lets you 
change the configuration values used for HTTP application inspection. The Select HTTP Map table 
provides a list of previously configured maps that you can select for application inspection.
Fields
Use the default HTTP inspection map—Specifies to use the default HTTP...

    Page 302

    Page 302 11-28 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection Edit—Edits an HTTP class map. Delete—Deletes an HTTP class map. Add/Edit HTTP Match Criterion The Add/Edit HTTP Match Criterion dialog box is accessible as follows: Configuration > Global Objects > Class Maps > HTTP > Add/Edit HTTP Traffic Class Map > Add/Edit HTTP Match Criterion The Add/Edit HTTP Match Criterion dialog box lets you define the match criterion... 
     
11-28
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
Edit—Edits an HTTP class map.
Delete—Deletes an HTTP class map.
Add/Edit HTTP Match Criterion
The Add/Edit HTTP Match Criterion dialog box is accessible as follows:
Configuration > Global Objects > Class Maps > HTTP > Add/Edit HTTP Traffic Class Map > 
Add/Edit HTTP Match Criterion
The Add/Edit HTTP Match Criterion dialog box lets you define the match criterion...

    Page 303

    Page 303 11-29 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection cookie, date, expect, expires, from, host, if-match, if-modified-since, if-none-match, if-range, if-unmodified-since, last-modified, max-forwards, pragma, proxy-authorization, range, referer, te, trailer, transfer-encoding, upgrade, user-agent, via, warning. Regular Expression—Lists the defined regular expressions to match. Manage—Opens the Manage Regular... 
     
11-29
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
cookie, date, expect, expires, from, host, if-match, if-modified-since, if-none-match, if-range, 
if-unmodified-since, last-modified, max-forwards, pragma, proxy-authorization, range, referer, 
te, trailer, transfer-encoding, upgrade, user-agent, via, warning.
Regular Expression—Lists the defined regular expressions to match.
Manage—Opens the Manage Regular...

    Page 304

    Page 304 11-30 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection Method—Specifies to match on a request method: bcopy, bdelete, bmove, bpropfind, bproppatch, connect, copy, delete, edit, get, getattribute, getattributenames, getproperties, head, index, lock, mkcol, mkdir, move, notify, options, poll, post, propfind, proppatch, put, revadd, revlabel, revlog, revnum, save, search, setattribute, startrev, stoprev, subscribe,... 
     
11-30
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
Method—Specifies to match on a request method: bcopy, bdelete, bmove, bpropfind, 
bproppatch, connect, copy, delete, edit, get, getattribute, getattributenames, getproperties, head, 
index, lock, mkcol, mkdir, move, notify, options, poll, post, propfind, proppatch, put, revadd, 
revlabel, revlog, revnum, save, search, setattribute, startrev, stoprev, subscribe,...

    Page 305

    Page 305 11-31 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection Regular Expression—Lists the defined regular expressions to match. Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular expressions. Greater Than Count—Enter the maximum number of header fields. –Response Header Field Length—Applies the regular expression match to the header of the response with field length greater than... 
     
11-31
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
Regular Expression—Lists the defined regular expressions to match.
Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular 
expressions.
Greater Than Count—Enter the maximum number of header fields.
–Response Header Field Length—Applies the regular expression match to the header of the 
response with field length greater than...

    Page 306

    Page 306 11-32 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection HTTP Inspect Map The HTTP Inspect Map dialog box is accessible as follows: Configuration > Global Objects > Inspect Maps > HTTP The HTTP pane lets you view previously configured HTTP application inspection maps. An HTTP map lets you change the default configuration values used for HTTP application inspection. HTTP application inspection scans HTTP headers and... 
     
11-32
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
HTTP Inspect Map
The HTTP Inspect Map dialog box is accessible as follows:
Configuration > Global Objects > Inspect Maps > HTTP
The HTTP pane lets you view previously configured HTTP application inspection maps. An HTTP map 
lets you change the default configuration values used for HTTP application inspection.
HTTP application inspection scans HTTP headers and...

    Page 307

    Page 307 11-33 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection URI Filtering The URI Filtering dialog box is accessible as follows: Configuration > Global Objects > Inspect Maps > HTTP > URI Filtering The URI Filtering dialog box lets you configure the settings for an URI filter. Fields Match Type—Shows the match type, which can be a positive or negative match. Criterion—Shows the criterion of the inspection.... 
     
11-33
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
URI Filtering
The URI Filtering dialog box is accessible as follows:
Configuration > Global Objects  > Inspect Maps > HTTP > URI Filtering
The URI Filtering dialog box lets you configure the settings for an URI filter. 
Fields
Match Type—Shows the match type, which can be a positive or negative match. 
Criterion—Shows the criterion of the inspection....

    Page 308

    Page 308 11-34 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection URI filtering: Not configured Advanced inspections: Not configured –High Protocol violation action: Drop connection and log Drop connections for unsafe methods: Allow only GET and HEAD. Drop connections for requests with non-ASCII headers: Enabled URI filtering: Not configured Advanced inspections: Not configured –URI Filtering—Opens the URI Filtering dialog... 
     
11-34
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
URI filtering: Not configured
Advanced inspections: Not configured
–High
Protocol violation action: Drop connection and log
Drop connections for unsafe methods: Allow only GET and HEAD.
Drop connections for requests with non-ASCII headers: Enabled
URI filtering: Not configured
Advanced inspections: Not configured
–URI Filtering—Opens the URI Filtering dialog...

    Page 309

    Page 309 11-35 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection –Add—Opens the Add HTTP Inspect dialog box to add an HTTP inspection. –Edit—Opens the Edit HTTP Inspect dialog box to edit an HTTP inspection. –Delete—Deletes an HTTP inspection. –Move Up—Moves an inspection up in the list. –Move Down—Moves an inspection down in the list. Add/Edit HTTP Map The Add/Edit HTTP Map dialog box is accessible as follows: Configuration... 
     
11-35
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
–Add—Opens the Add HTTP Inspect dialog box to add an HTTP inspection.
–Edit—Opens the Edit HTTP Inspect dialog box to edit an HTTP inspection.
–Delete—Deletes an HTTP inspection.
–Move Up—Moves an inspection up in the list.
–Move Down—Moves an inspection down in the list.
Add/Edit HTTP Map
The Add/Edit HTTP Map dialog box is accessible as follows:
Configuration...

    Page 310

    Page 310 11-36 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols HTTP Inspection Predefined—Specifies the request header fields: accept, accept-charset, accept-encoding, accept-language, allow, authorization, cache-control, connection, content-encoding, content-language, content-length, content-location, content-md5, content-range, content-type, cookie, date, expect, expires, from, host, if-match, if-modified-since, if-none-match,... 
     
11-36
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
Predefined—Specifies the request header fields: accept, accept-charset, accept-encoding, 
accept-language, allow, authorization, cache-control, connection, content-encoding, 
content-language, content-length, content-location, content-md5, content-range, content-type, 
cookie, date, expect, expires, from, host, if-match, if-modified-since, if-none-match,...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals