ASA INSPECTION

## HTTP URI and Host Header inspection ##

regex HTTP-DOMAIN-1 "www\.specificdomain\.com" 

regex HTTP-DOMAIN-2 "[a-z]+\.domain\.com" 

regex URI-MALWARE "malware" 

regex URI-DODGY "dodgy" 

class-map type inspect http match-any HTTP-DOMAIN 

 match request header host regex HTTP-DOMAIN-1 

 match request header host regex HTTP-DOMAIN-2 

class-map type inspect http match-any HTTP-URI 

 match request uri regex URI-MALWARE 

 match request uri regex URI-DODGY 

policy-map type inspect http HTTP-POLICY 

 parameters 

 class HTTP-DOMAIN 

 reset log 

 class HTTP-URI 

 reset log 

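! Class-map HTTP is referenced below but not defined in these notes; matching TCP port 80 (www) is an assumption.

class-map HTTP 

 match port tcp eq www 

policy-map OUTSIDE-POLICY 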

 class HTTP 

 inspect http HTTP-POLICY 

service-policy OUTSIDE-POLICY interface OUTSIDE 

## HTTP Protocol Violation ##

policy-map type inspect http HTTP-POLICY 

 parameters 

 protocol-violation action drop-connection log


 class HTTP-DOMAIN 

 reset log 

 class HTTP-URI 

 reset log 

## HTTP User Agent ## 

regex HTTP-USER-AGENT "curl" 

class-map type inspect http match-all HTTP-USER-AGENT 

 match request header user-agent regex HTTP-USER-AGENT 

policy-map type inspect http HTTP-POLICY 

 parameters 

 protocol-violation action drop-connection log 

 class HTTP-DOMAIN 

 reset log 

 class HTTP-URI 

 reset log 

 class HTTP-USER-AGENT 

 reset log
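
Added example, not part of the original notes: a dry run of the regexes and class-maps above against constructed requests, to check what the policy would reset before it is applied to the interface. It assumes ASA regex matching is an unanchored, case-sensitive search, approximated here with Python's `re.search`; `classes_hit` and `SAMPLES` are names made up for this example.

```python
import re

# Regexes copied from the `regex` commands above.
REGEX = {
    "HTTP-DOMAIN-1": r"www\.specificdomain\.com",
    "HTTP-DOMAIN-2": r"[a-z]+\.domain\.com",
    "URI-MALWARE": r"malware",
    "URI-DODGY": r"dodgy",
    "HTTP-USER-AGENT": r"curl",
}

# Class-maps from above: (match mode, [(request field, regex name), ...]).
CLASS_MAPS = {
    "HTTP-DOMAIN": ("match-any", [("host", "HTTP-DOMAIN-1"), ("host", "HTTP-DOMAIN-2")]),
    "HTTP-URI": ("match-any", [("uri", "URI-MALWARE"), ("uri", "URI-DODGY")]),
    "HTTP-USER-AGENT": ("match-all", [("user-agent", "HTTP-USER-AGENT")]),
}


def classes_hit(request):
    """Return the class-maps a request matches, i.e. those that would 'reset log'."""
    hit = []
    for name, (mode, matches) in CLASS_MAPS.items():
        # Assumption: unanchored, case-sensitive search, approximated by re.search.
        results = [bool(re.search(REGEX[rx], request.get(field, ""))) for field, rx in matches]
        if any(results) if mode == "match-any" else all(results):
            hit.append(name)
    return hit


# Constructed sample requests (not captured traffic).
SAMPLES = [
    {"host": "www.specificdomain.com", "uri": "/index.html", "user-agent": "Mozilla/5.0"},
    {"host": "shop.domain.com", "uri": "/", "user-agent": "Mozilla/5.0"},
    {"host": "shop1.domain.com", "uri": "/", "user-agent": "Mozilla/5.0"},
    {"host": "example.org", "uri": "/files/dodgy.exe", "user-agent": "curl/8.4.0"},
    {"host": "example.org", "uri": "/files/Malware.bin", "user-agent": "Mozilla/5.0"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req["host"], req["uri"], req["user-agent"], "->", classes_hit(req) or "permitted")
```

The third and fifth samples hit no class: `[a-z]+` does not cover digits in the host label and `malware` does not cover other letter cases, so widen the regexes if those requests should also be reset.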
