Chapter 37
Configuring Inspection of Basic Internet Protocols
Firewall Mode              Security Context
Routed    Transparent      Single    Multiple Context    Multiple System
•         •                •         •                   —

HTTP Class Map
The HTTP Class Map dialog box is accessible as follows:
Configuration > Global Objects > Class Maps > HTTP
The HTTP Class Map pane lets you configure HTTP class maps for HTTP inspection.
An inspection class map matches application traffic with criteria specific to the application. You then
identify the class map in the inspect map and enable actions. The difference between creating a class
map and defining the traffic match directly in the inspect map is that you can create more complex match
criteria and you can reuse class maps. The applications that support inspection class maps are DNS, FTP,
H.323, HTTP, IM, and SIP.
Note: If you need to change a match condition for HTTP inspection after configuring the inspection,
you must remove the attached service policy command and then reconfigure the service policy.
Changing the class map by removing a match condition causes HTTP inspection to block all
HTTP traffic until you remove and reconfigure the attached service policy so that all the match
conditions are reprocessed.
Fields
• Name—Shows the HTTP class map name.
• Match Conditions—Shows the type, match criterion, and value in the class map.
  – Match Type—Shows the match type, which can be a positive or negative match.
  – Criterion—Shows the criterion of the HTTP class map.
  – Value—Shows the value to match in the HTTP class map.
• Description—Shows the description of the class map.
• Add—Adds an HTTP class map.
• Edit—Edits an HTTP class map.
• Delete—Deletes an HTTP class map.
Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed    Transparent      Single    Multiple Context    Multiple System
•         •                •         •                   —

OL-20339-01
Cisco ASA 5500 Series Configuration Guide using ASDM
HTTP Inspection
37-25
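The HTTP Class Map description and its Note, shown as an equivalent CLI sequence: a class map with one positive and one negative match, its use in an inspect map, and the detach/reattach order when a match condition changes. This is an added example, not taken from the guide; the regex, class map and inspect map names are hypothetical, and it assumes HTTP inspection is attached through the default global_policy.

```cisco
! Added example; all object names below are hypothetical.
! Named regex used by the negative match.
regex UPLOAD-PATH "^/upload/"
!
! Class map: one positive and one negative match condition.
class-map type inspect http match-all POST-OUTSIDE-UPLOAD
 description POST requests to any URI other than /upload/
 match request method post
 match not request uri regex UPLOAD-PATH
!
! Inspect map: identify the class map and enable an action.
policy-map type inspect http HTTP-INSPECT-MAP
 class POST-OUTSIDE-UPLOAD
  drop-connection log
!
! Attach the inspect map through the service policy.
policy-map global_policy
 class inspection_default
  inspect http HTTP-INSPECT-MAP
service-policy global_policy global
!
! Later change to a match condition: detach the service policy first,
! edit the class map, then reattach so all conditions are reprocessed.
no service-policy global_policy global
class-map type inspect http match-all POST-OUTSIDE-UPLOAD
 no match request method post
 match request method put
service-policy global_policy global
```

After reattaching, `show service-policy inspect http` can be used to confirm that HTTP inspection is processing traffic again.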