Chapter 3
Configuring Application Protocol Inspection
Configuring a Layer 7 HTTP Deep Inspection Class Map
Creating an HTTP Deep Inspection Class Map
OL-16202-01
This section contains the following topics:
Creating an HTTP Deep Inspection Class Map
•
Adding a Layer 7 HTTP Deep Packet Inspection Class Map Description
•
Defining HTTP Content Match Criteria
•
Defining the Length of the HTTP Content for Inspection
•
Defining a Secondary Cookie for HTTP Inspection
•
Defining an HTTP Header for Inspection
•
Defining the HTTP Maximum Header Length for Inspection
•
Defining a Header MIME-Type Messages for Inspection
•
•
Defining an HTTP Traffic Restricted Category
Defining HTTP Request Methods and Extension Methods
•
Defining an HTTP Transfer Encoding Type
•
Defining an HTTP URL for Inspection
•
Defining an HTTP Maximum URL Length for Inspection
•
You can create a Layer 7 class map for deep packet inspection of HTTP traffic by
using the class-map type http inspect command in configuration mode.
The syntax of this command is as follows:
class-map type http inspect [match-all | match-any] map_name
The keywords, arguments, and options are as follows:
match-all | match-any—(Optional) Determines how the ACE performs the
•
deep packet inspection of HTTP traffic when multiple match criteria exist in
a class map. The class map is considered a match if the match commands
meet one of the following conditions:
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a Layer 7 HTTP Deep Inspection Policy
3-39