Hi all

As per the following snippet, http inspection is required for filtering.

Snippet from
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1335632


Use the HTTP inspection engine to protect against specific attacks and
other threats that may be associated with HTTP traffic. HTTP inspection
performs several functions:

•Enhanced HTTP inspection

•URL screening through N2H2 or Websense

•Java and ActiveX filtering

The latter two features are configured in conjunction with the *filter*command.

I configured a dummy non existent url-server and configured the following
rule. Hence any http request will be dropped as there is no "allow"
configured along with the following rule. My http request
gets denied across the ASA but I didn't enable http inspection.

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0


My default, http inspection is not configured under policy-map
global_policy.

If there is a task asked to configure for filtering, should we enable http
inspection or not?


With regards
Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to