Configuring A Layer 7 Http Deep Inspection Class Map; Creating An Http Deep Inspection Class Map; Adding A Layer 7 Http Deep Packet Inspection Class Map Description; Defining Http Content Match Criteria - Cisco 4700M Configuration Manual

Chapter 3 Configuring Application Protocol Inspection

Configuring a Layer 7 HTTP Deep Inspection Class Map

Creating an HTTP Deep Inspection Class Map

OL-16202-01
This section contains the following topics:
Creating an HTTP Deep Inspection Class Map
•

Adding a Layer 7 HTTP Deep Packet Inspection Class Map Description

•

Defining HTTP Content Match Criteria

•

Defining the Length of the HTTP Content for Inspection

•

Defining a Secondary Cookie for HTTP Inspection

•

Defining an HTTP Header for Inspection

•

Defining the HTTP Maximum Header Length for Inspection

•

Defining a Header MIME-Type Messages for Inspection

•
•

Defining an HTTP Traffic Restricted Category

Defining HTTP Request Methods and Extension Methods

•

Defining an HTTP Transfer Encoding Type

•

Defining an HTTP URL for Inspection

•

Defining an HTTP Maximum URL Length for Inspection

•
You can create a Layer 7 class map for deep packet inspection of HTTP traffic by
using the class-map type http inspect command in configuration mode.
The syntax of this command is as follows:
class-map type http inspect [match-all | match-any] map_name
The keywords, arguments, and options are as follows:
match-all | match-any—(Optional) Determines how the ACE performs the
•
deep packet inspection of HTTP traffic when multiple match criteria exist in
a class map. The class map is considered a match if the match commands
meet one of the following conditions:
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a Layer 7 HTTP Deep Inspection Policy
3-39