But I have never come across any samples or cisco docs claiming that it is required.
With regards Kings On Thu, Nov 10, 2011 at 5:30 PM, Fawad Khan <[email protected]> wrote: > I take my words back ... HTTP is not enabled by default in MPF... FTP, > ESMTP and DNS are.... I guess morning coffee didnt work so far. > > but I am certain that we need to enable to http in mPF for url filtering > to work properly. > > > > FNK > > > On Thu, Nov 10, 2011 at 6:16 AM, FNK <[email protected]> wrote: > >> Yes. Http needs to be enabled. Same goes for DNA doctoring where we we >> put 'dns' keyword at the end of the traffic. We need to enable DNs mpf as >> well >> >> Http, esmtp and DNs are enabled by default >> >> FNK >> Sent from an iPhone >> >> >> On Nov 10, 2011, at 1:11 AM, Kingsley Charles <[email protected]> >> wrote: >> >> Hi all >> >> As per the following snippet, http inspection is required for filtering. >> >> Snippet from >> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1335632 >> >> >> Use the HTTP inspection engine to protect against specific attacks and >> other threats that may be associated with HTTP traffic. HTTP inspection >> performs several functions: >> >> •Enhanced HTTP inspection >> >> •URL screening through N2H2 or Websense >> >> •Java and ActiveX filtering >> >> The latter two features are configured in conjunction with the >> *filter*command. >> >> I configured a dummy non existent url-server and configured the following >> rule. Hence any http request will be dropped as there is no "allow" >> configured along with the following rule. My http request >> gets denied across the ASA but I didn't enable http inspection. >> >> filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 >> >> >> My default, http inspection is not configured under policy-map >> global_policy. >> >> If there is a task asked to configure for filtering, should we enable >> http inspection or not? >> >> >> With regards >> Kings >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
