Asked by a77

Cisco ASA HTTP inspection small problem

Good morning/evening, our fellow experts around the world,

I'm having a tiny problem with HTTP inspection on a Cisco ASA 5505. I'm trying to block video extensions, and it worked, but the problem is that once I apply this HTTP inspection policy, when users try to open Hotmail and Yahoo messages they can't (the inbox opens, but when they click on any email it does not open; Hotmail shows "We can't connect to Hotmail right now. Please try again later"). When I disable this HTTP inspection policy, everything works fine. I'm lost because I don't know where to look (also, I'm an ASA noob).

Below is a show run highlighting the important things:

! The regex and access-list lines below were wrapped at 80 columns in the
! original paste; they are rejoined here, and the character lost at each wrap
! point ("ivf", "\.mpv2", "any") is reconstructed from the surrounding pattern.
! ASA regexes are unanchored: ".*\.mp4" matches ".mp4" anywhere in the URI,
! and in "video/*" the "*" applies to "/", so it matches any URI containing "video".
regex video_extensions1 ".*\.flv|.*\.mpg|.*\.asf|.*\.asr|.*\.asx|.*\.avi|.*\.ivf|.*\.lsf|.*\.lsx|.*\.mlv|.*\.mp4|audio/.*"
regex video_extensions2 ".*\.mov|.*\.movie|.*\.mp2|.*\.mpa|.*\.mpe|.*\.mpeg|.*\.mpv2|.*\.qt|.*\.mkv|video/*"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
ftp mode passive
object-group service DM_INLINE_SERVICE_1
 service-object ip
 service-object tcp-udp eq www
 service-object tcp eq www
 service-object icmp
object-group service DM_INLINE_SERVICE_2
 service-object ip
 service-object tcp eq www
 service-object icmp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
access-list outside_access_in_1 extended permit ip any any inactive
access-list inside_access_in_1 extended permit ip any any
! Traffic steered into HTTP inspection: TCP/UDP 80 and TCP 8080, any to any.
access-list inside_mpc extended permit object-group TCPUDP any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
!
dynamic-access-policy-record DfltAccessPolicy
!
priority-queue inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
! match-any: a URI hitting either regex list is in the class.
class-map type regex match-any extensionsBlockList
 match regex video_extensions2
 match regex video_extensions1
class-map type inspect http match-all blockExtensions
 match request uri regex class extensionsBlockList
! Matches any request carrying a header whose name matches "Content-Type" and
! whose value matches "application/.*" (form posts, JSON, XML bodies, etc.).
class-map type inspect http match-all appheaderclass
 match request header regex contenttype regex applicationheader
class-map type inspect http match-all asdm_medium_security_methods
 match not request method head
 match not request method post
 match not request method get
class-map type inspect http match-all asdm_high_security_methods
 match not request method head
 match not request method get
class-map httptraffic
 match access-list inside_mpc
!
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 match request method connect
  drop-connection log
 class appheaderclass
  drop-connection log
 class blockExtensions
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy inside-policy interface inside

Appreciate any help :)
thanks in advance.
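The accepted answers are not visible on this page, so the following is an added example, not code from the thread or from Cisco: a small Python model of the two inspect class-maps in the show run above, evaluated against constructed HTTP requests. It shows that blockExtensions only looks at the request URI, while appheaderclass is keyed on the request Content-Type header, so any POST whose body is declared as application/... (the kind of request a browser-based webmail front end sends when a message is opened) is matched and dropped, independent of the URI. It also shows the "video/*" quirk, where "*" applies to "/" and the regex matches any URI that merely contains "video". Assumptions labelled in the code: Python's re.search() approximates ASA's unanchored, case-sensitive regex matching; policy entries are evaluated in config order with the first terminating action winning (a simplification of ASA's multi-match rules); the request names, hosts and URIs are constructed, not captured. The second policy in the script, with only the video-extension class, corresponds to what the asker reports settling on further down.

```python
"""
Model the ASA 'inspect http' class-maps from the question against
constructed HTTP requests.

Assumptions (not from the original post):
- re.search() approximates ASA regex matching: unanchored, case-sensitive,
  '*' = zero or more of the preceding item, so 'video/*' matches 'video'
  followed by any number of '/' characters, i.e. any URI containing 'video'.
- Policy entries are checked in the order they appear in the policy-map and
  the first terminating action (drop-connection / reset) wins; this is a
  simplification of ASA's multi-match behaviour.
- All sample requests below are constructed, not captured traffic.
"""
import re
from dataclasses import dataclass, field

# Regexes as in the 'show run' from the question (wrapped lines rejoined).
VIDEO_EXTENSIONS1 = r".*\.flv|.*\.mpg|.*\.asf|.*\.asr|.*\.asx|.*\.avi|.*\.ivf|.*\.lsf|.*\.lsx|.*\.mlv|.*\.mp4|audio/.*"
VIDEO_EXTENSIONS2 = r".*\.mov|.*\.movie|.*\.mp2|.*\.mpa|.*\.mpe|.*\.mpeg|.*\.mpv2|.*\.qt|.*\.mkv|video/*"
APPLICATION_HEADER = r"application/.*"
CONTENT_TYPE = r"Content-Type"


@dataclass
class Request:
    method: str
    uri: str
    headers: dict = field(default_factory=dict)


def block_extensions(req):
    """class blockExtensions: 'match request uri regex class extensionsBlockList'.
    extensionsBlockList is match-any, so either regex list hitting the URI is enough."""
    return any(re.search(p, req.uri) for p in (VIDEO_EXTENSIONS1, VIDEO_EXTENSIONS2))


def app_header_class(req):
    """class appheaderclass: 'match request header regex contenttype regex applicationheader'.
    Fires when a header whose *name* matches 'Content-Type' has a *value* matching 'application/.*'."""
    return any(re.search(CONTENT_TYPE, name) and re.search(APPLICATION_HEADER, value)
               for name, value in req.headers.items())


# (predicate, action, reason), in the order they appear in http_inspection_policy.
ORIGINAL_POLICY = [
    (lambda r: r.method == "CONNECT", "drop-connection", "match request method connect"),
    (app_header_class, "drop-connection", "class appheaderclass"),
    (block_extensions, "reset", "class blockExtensions"),
]

# The policy the asker reports ending up with: only the video-extension class.
VIDEO_ONLY_POLICY = [
    (block_extensions, "reset", "class blockExtensions"),
]


def inspect(req, policy):
    """Return (action, reason) for the first matching policy entry, else ('allow', None)."""
    for pred, action, reason in policy:
        if pred(req):
            return action, reason
    return "allow", None


# Constructed sample traffic (hostnames and paths are hypothetical).
SAMPLES = {
    # A webmail front end fetching one message via a form-encoded POST.
    "webmail_open_message": Request("POST", "/mail/GetMessage.aspx",
                                    {"Host": "mail.example.com",
                                     "Content-Type": "application/x-www-form-urlencoded"}),
    # Loading the inbox page itself: plain GET, no body, no Content-Type.
    "webmail_inbox": Request("GET", "/mail/Inbox.aspx", {"Host": "mail.example.com"}),
    # A real video download that the policy is meant to stop.
    "video_download": Request("GET", "/clips/trailer.mp4", {"Host": "video.example.com"}),
    # An image whose URI merely contains the word 'video'.
    "image_named_video": Request("GET", "/images/video-banner.png", {"Host": "www.example.com"}),
    # A proxy-style CONNECT, hit by the explicit method match.
    "proxy_connect": Request("CONNECT", "mail.example.com:443", {"Host": "mail.example.com"}),
}


def run(policy):
    """Evaluate every sample request under the given policy."""
    return {name: inspect(req, policy) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for label, policy in (("original", ORIGINAL_POLICY), ("video-only", VIDEO_ONLY_POLICY)):
        print(f"--- {label} policy ---")
        for name, (action, reason) in run(policy).items():
            print(f"{name:22s} {action:16s} {reason or ''}")
```

Run it and compare the two tables: under the original policy the message-fetch POST is dropped by appheaderclass while the inbox GET is allowed, which matches the "inbox opens, message does not" symptom; under the video-only policy the POST is allowed and the .mp4 download is still reset. The image_named_video row shows that the URI regexes match substrings, so anything with "video" (or ".mp4", ".qt", etc.) anywhere in the path, including the query string, gets reset; a practitioner tightening this would want to match on the response Content-Type rather than on URI substrings, which is outside what the thread shows.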
Tags: Cisco, Hardware Firewalls, Network Management

Last comment: a77, 8/22/2022 (Mon)
ASKER CERTIFIED SOLUTION
TimotiSt

SOLUTION
InteraX

thebyte

It sounds like it could be one of those defined file extensions causing issues.  You could start by using only one or a couple and using a process of elimination to try and figure out which one is causing it.
a77 (asker)

I ended up blocking only the video extensions, so even though YouTube opens, the videos do not play.

Thanks everyone!