Yes. Http needs to be enabled. Same goes for DNA doctoring where we we put 
'dns' keyword at the end of the traffic. We need to enable DNs mpf as well

Http, esmtp and DNs are enabled by default

FNK
Sent from an iPhone


On Nov 10, 2011, at 1:11 AM, Kingsley Charles <[email protected]> 
wrote:

> Hi all
> 
> As per the following snippet, http inspection is required for filtering. 
> 
> Snippet from 
> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1335632
> 
> 
> Use the HTTP inspection engine to protect against specific attacks and other 
> threats that may be associated with HTTP traffic. HTTP inspection performs 
> several functions:
> 
> •Enhanced HTTP inspection
> 
> •URL screening through N2H2 or Websense
> 
> •Java and ActiveX filtering
> 
> The latter two features are configured in conjunction with the filter command.
> 
> 
> I configured a dummy non existent url-server and configured the following 
> rule. Hence any http request will be dropped as there is no "allow" 
> configured along with the following rule. My http request 
> gets denied across the ASA but I didn't enable http inspection. 
> 
> filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
> 
> 
> My default, http inspection is not configured under policy-map global_policy.
> 
> If there is a task asked to configure for filtering, should we enable http 
> inspection or not?
> 
> 
> With regards
> Kings
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
> 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to