Customizing Protocol Inspections
ASDM enables you to add your own customized service policies. Because the ASA/PIX ships with such a strong security posture by default, no customizations are “required” to ensure additional security. This section does, however, cover how to create a customized service policy should you decide that it's important for your deployment.
The example used is the creation of a service policy that checks the length of a URL and drops the packet if the length is too long. This policy could be effective for preventing hackers from both attempting to guess a URL that could cause buffer overflows or passing URLs that contain SQL commands in an attempt to gain access to a back-end SQL database.
This policy is only one example ...
Get Securing Your Business with Cisco ASA and PIX Firewalls now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.