Cisco Nexus 9000 Series Configuration Manual page 292

NX-OS Security Configuration Guide, Release 9.x

Configuring ACLs Using HTTP Methods to Redirect Requests
Command or Action / Purpose

Purpose (continued from the preceding step):
• put—Matches HTTP packets with the PUT method [0x50555420]
• trace—Matches HTTP packets with the TRACE method [0x54524143]
The tcp-option-length option specifies the length of the TCP options header in the packets. You can configure up to four TCP option lengths (in multiples of four bytes) in the access control entries (ACEs). The length range is from 0 to 40. If you do not configure this option, the length is specified as 0, and only packets without the TCP options header can match the ACE. This option allows the HTTP method to be matched even on packets that have a variable-length TCP options header.
The redirect option redirects an HTTP method to a server that is connected to a specific port. The HTTP redirect feature does not work on Layer 3 ports.

Step 4
Command or Action: (Optional) show ip access-lists name
Example:
switch(config-acl)# show ip access-lists acl-01
Purpose: Displays the IP ACL configuration.

Step 5
Command or Action: (Optional) show run interface interface slot/port
Example:
switch(config-acl)# show run interface ethernet 2/2
Purpose: Displays the interface configuration.

Example
The following example specifies a length for the TCP options header in the packets and redirects the post HTTP method to a server that is connected to port channel 4001:
switch(config)# ip access-list http-redirect-acl
switch(config-acl)# 10 permit tcp any any http-method get tcp-option-length 4 redirect port-channel4001
switch(config-acl)# 20 permit tcp any any http-method post redirect port-channel4001
switch(config-acl)# statistics per-entry
switch(config)# interface Ethernet 1/33
switch(config-if)# ip port access-group http-redirect-acl in
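
The effect of tcp-option-length on matching, as an added Python model that is not Cisco code and not taken from the guide. It assumes an ACE compares the first four TCP payload bytes (as the bracketed hex values suggest) and matches only when the packet's TCP options length is one of the configured lengths; the function names and sample segments are constructed for illustration.

```python
import struct

def method_token(name):
    """First four payload bytes compared for a method: put -> b'PUT ' (0x50555420)."""
    return (name.upper() + " ")[:4].encode("ascii")

def build_segment(payload, options=b""):
    """Constructed TCP segment for testing (ports/seq arbitrary, checksum 0)."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("TCP options must be 0-40 bytes, in multiples of 4")
    offset_flags = ((5 + len(options) // 4) << 12) | 0x018  # data offset, PSH+ACK
    header = struct.pack("!HHIIHHHH", 49152, 80, 1, 1, offset_flags, 65535, 0, 0)
    return header + options + payload

def tcp_options_length(segment):
    """Options length in bytes, from the data-offset nibble of header byte 12."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4
    if not 20 <= header_len <= len(segment):
        raise ValueError("malformed TCP header")
    return header_len - 20

def ace_matches(segment, method, option_lengths=(0,)):
    """Model of the documented rule: an ACE without tcp-option-length behaves as
    length 0; otherwise up to four lengths (multiples of 4, 0-40) are accepted."""
    if len(option_lengths) > 4 or any(n % 4 or not 0 <= n <= 40 for n in option_lengths):
        raise ValueError("invalid tcp-option-length set")
    opt_len = tcp_options_length(segment)
    if opt_len not in option_lengths:
        return False  # the method bytes are not where this ACE looks
    return segment[20 + opt_len:24 + opt_len] == method_token(method)

def uncovered_lengths(segments, method, option_lengths=(0,)):
    """Options lengths seen on `method` requests that the ACE would not match."""
    missed = set()
    for seg in segments:
        opt_len = tcp_options_length(seg)
        carries = seg[20 + opt_len:24 + opt_len] == method_token(method)
        if carries and not ace_matches(seg, method, option_lengths):
            missed.add(opt_len)
    return sorted(missed)

# Constructed samples: POST with no options, and with NOP,NOP,Timestamp (12 bytes).
TIMESTAMP_OPTS = b"\x01\x01\x08\x0a" + struct.pack("!II", 1000, 2000)
POST_PLAIN = build_segment(b"POST /login HTTP/1.1\r\n")
POST_TS = build_segment(b"POST /login HTTP/1.1\r\n", TIMESTAMP_OPTS)

if __name__ == "__main__":
    # ACE 20 in the example above has no tcp-option-length, so it is modelled as (0,).
    print(uncovered_lengths([POST_PLAIN, POST_TS], "post"))
    print(uncovered_lengths([POST_PLAIN, POST_TS], "post", (0, 12)))
```

A non-empty result lists the options lengths that would have to be added to the ACE's tcp-option-length set (up to four) for those requests to match.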
Configuring IP ACLs
