a77
Cisco ASA HTTP inspection small problem
Good morning/evening our fellow experts around the world,
I'm having a tiny problem with HTTP inspection on a Cisco ASA 5505. I'm trying to block video extensions, and it worked, but the problem is that once I apply this HTTP inspection policy, when users try to open Hotmail and Yahoo messages, they can't (the inbox opens, but when they click on any email it does not open; Hotmail shows "We can't connect to Hotmail right now. Please try again later"). When I disable this HTTP inspection policy, everything works fine. I'm lost because I don't know where to look (also I'm an ASA noob).
Below is a show run highlighting the important things:
regex video_extensions1 ".*\.flv|.*\.mpg|.*\.asf|.*\.asr|.*\.asx|.*\.avi|.*\.iv|.*\.lsf|.*\.lsx|.*\.mlv|.*\.mp4|audio/.*"
regex video_extensions2 ".*\.mov|.*\.movie|.*\.mp2|.*\.mpa|.*\.mpe|.*\.mpeg|.*\.mpv2|.*\.qt|.*\.mkv|video/*"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
ftp mode passive
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp-udp eq www
service-object tcp eq www
service-object icmp
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object tcp eq www
service-object icmp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
access-list outside_access_in_1 extended permit ip any any inactive
access-list inside_access_in_1 extended permit ip any any
access-list inside_mpc extended permit object-group TCPUDP any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
!
dynamic-access-policy-record DfltAccessPolicy
!
priority-queue inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map type regex match-any extensionsBlockList
match regex video_extensions2
match regex video_extensions1
class-map type inspect http match-all blockExtensions
match request uri regex class extensionsBlockList
class-map type inspect http match-all appheaderclass
match request header regex contenttype regex applicationheader
class-map type inspect http match-all asdm_medium_security_methods
match not request method head
match not request method post
match not request method get
class-map type inspect http match-all asdm_high_security_methods
match not request method head
match not request method get
class-map httptraffic
match access-list inside_mpc
!
policy-map type inspect http http_inspection_policy
parameters
protocol-violation action drop-connection
match request method connect
drop-connection log
class appheaderclass
drop-connection log
class blockExtensions
reset log
policy-map inside-policy
class httptraffic
inspect http http_inspection_policy
!
service-policy inside-policy interface inside
Appreciate any help :)
Thanks in advance.
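To see which kinds of requests the posted http_inspection_policy would drop or reset, here is an added Python model of its class-maps (not code from the poster or from Cisco); the sample requests are constructed, and the ASA's own precedence when several matches fire on one request is not modelled, only listed.

```python
import re

# Regexes copied from the question's ASA config (joined where the console wrapped
# them). ASA regex syntax is close enough to Python's for these patterns, and like
# the ASA the search is unanchored: ".*\.mp4" matches anywhere in the request URI.
VIDEO_EXTENSIONS1 = (r".*\.flv|.*\.mpg|.*\.asf|.*\.asr|.*\.asx|.*\.avi|.*\.iv"
                     r"|.*\.lsf|.*\.lsx|.*\.mlv|.*\.mp4|audio/.*")
VIDEO_EXTENSIONS2 = (r".*\.mov|.*\.movie|.*\.mp2|.*\.mpa|.*\.mpe|.*\.mpeg"
                     r"|.*\.mpv2|.*\.qt|.*\.mkv|video/*")
APPLICATION_HEADER = r"application/.*"


def matching_classes(method, uri, headers):
    """Return [(match, action), ...] for one HTTP request under the posted policy.

    headers maps request header name -> value. The policy-map's top-level
    'match request method connect' is listed alongside the two classes.
    """
    hits = []
    if method.upper() == "CONNECT":
        hits.append(("request method connect", "drop-connection log"))
    # class appheaderclass: a header whose NAME matches "Content-Type" and whose
    # VALUE matches "application/.*" (so any application/* body type, not just
    # downloads, is dropped).
    for name, value in headers.items():
        if re.search("Content-Type", name) and re.search(APPLICATION_HEADER, value):
            hits.append(("appheaderclass", "drop-connection log"))
            break
    # class blockExtensions: the URI matches either regex (class-map match-any).
    # Note "audio/.*" and "video/*" look like MIME types but are applied to the
    # URI here, so any path containing "audio/" or the word "video" also matches.
    if re.search(VIDEO_EXTENSIONS1, uri) or re.search(VIDEO_EXTENSIONS2, uri):
        hits.append(("blockExtensions", "reset log"))
    return hits


# Constructed sample requests (not captured from the poster's network).
SAMPLES = {
    "video file":  ("GET", "/clips/trailer.mp4", {}),
    "form post":   ("POST", "/mail/ReadMessage",
                    {"Content-Type": "application/x-www-form-urlencoded"}),
    "json xhr":    ("POST", "/api/messages", {"Content-Type": "application/json"}),
    "audio path":  ("GET", "/static/audio/player.js", {}),
    "video word":  ("GET", "/watch?v=videoclip", {}),
    "plain page":  ("GET", "/index.html", {}),
}

if __name__ == "__main__":
    for label, (method, uri, headers) in SAMPLES.items():
        print(f"{label:11} {method:5} {uri:26} -> {matching_classes(method, uri, headers) or 'pass'}")
```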
It sounds like it could be one of those defined file extensions causing issues. You could start by using only one or a couple and using a process of elimination to try and figure out which one is causing it.
ASKER
I ended up blocking only the video extensions, so even though YouTube opens, the videos do not play.
Thanks everyone !