Cisco 4700M Configuration Manual page 182

Application control engine appliance security

Configuring a Layer 7 HTTP Deep Inspection Policy
Defining HTTP Request Methods and Extension Methods
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
By default, the ACE allows all request and extension methods. You can use the
match request-method command to configure the class map to define application
inspection compliance decisions based on the request methods defined in
RFC 2616 and by HTTP extension methods. If the HTTP request method or
extension method compliance check fails, the ACE denies or resets the specified
HTTP traffic based on the policy map action.
You must access the class map configuration mode to specify the match
request-method command.
The syntax of this command is as follows:
[line_number] match request-method {ext method | rfc method}
The keywords, arguments, and options are as follows:
line_number—(Optional) Argument that assists you in editing or deleting
individual match commands. Enter an integer from 2 to 1024 as the line
number. You can enter no line_number to delete long match commands
instead of entering the entire line. The line numbers do not dictate a priority
or sequence for the match statements.
ext method—Specifies an HTTP extension method. If the request message
does not contain one of the RFC 2616 HTTP request methods, the ACE
verifies whether it is an extension method. The ACE supports the inspection
of the following HTTP request extension methods: bcopy, bdelete, bmove,
bpropfind, bproppatch, copy, edit, getattr, getattrname, getprops, index,
lock, mkcol, mkdir, move, propfind, proppatch, revadd, revlabel, revlog,
revnum, save, search, setattr, startrev, stoprev, unedit, and unlock.
rfc method—Specifies an RFC 2616 HTTP request method that you want to
perform an RFC compliance check on. The ACE supports the inspection of
the following RFC 2616 HTTP request methods: connect, delete, get, head,
options, post, put, and trace.
Follow these guidelines when using the match request-method command:

You can specify multiple match request-method commands within a class map.

Each match request-method command configures a single request method.

For unsupported HTTP request methods, include the inspect http strict command as an action in the Layer 3 and Layer 4 policy map.
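
The syntax and guidelines above can be checked mechanically before a class map is applied. The following Python linter is an added example, not code from the Cisco guide: the method lists are copied from this page, while the function name lint_match_lines, the finding messages, the exact-case keyword comparison and the sample lines are assumptions made for illustration.

```python
import re

# Method keywords exactly as this page lists them (compared as written).
RFC_METHODS = {"connect", "delete", "get", "head", "options", "post", "put", "trace"}
EXT_METHODS = set(
    "bcopy bdelete bmove bpropfind bproppatch copy edit getattr getattrname "
    "getprops index lock mkcol mkdir move propfind proppatch revadd revlabel "
    "revlog revnum save search setattr startrev stoprev unedit unlock".split()
)

# Documented syntax: [line_number] match request-method {ext method | rfc method}
PATTERN = re.compile(r"^(?:(\d+)\s+)?match\s+request-method\s+(ext|rfc)\s+(.+)$")

def lint_match_lines(lines):
    """Return (line_index, message) findings for match request-method commands."""
    findings = []
    for i, raw in enumerate(lines, 1):
        line = raw.strip()
        # Deletions ("no ...") and other match commands are out of scope here.
        if line.startswith("no ") or "request-method" not in line:
            continue
        m = PATTERN.match(line)
        if not m:
            findings.append((i, "does not follow the documented syntax"))
            continue
        number, kind, rest = m.groups()
        if number is not None and not 2 <= int(number) <= 1024:
            findings.append((i, "line_number must be an integer from 2 to 1024"))
        methods = rest.split()
        if len(methods) != 1:
            findings.append((i, "each command configures a single request method"))
            continue
        supported = RFC_METHODS if kind == "rfc" else EXT_METHODS
        if methods[0] not in supported:
            # Per the guidelines, such methods need inspect http strict instead.
            findings.append((i, f"'{methods[0]}' is not a supported {kind} method"))
    return findings

# Constructed sample input (not taken from the manual).
SAMPLE = [
    "match request-method rfc get",
    "10 match request-method ext propfind",
    "1 match request-method rfc post",       # line number below 2
    "match request-method rfc get head",     # two methods in one command
    "match request-method rfc propfind",     # extension method given as rfc
    "match request-method ext patch",        # not in the supported ext list
]

if __name__ == "__main__":
    for idx, msg in lint_match_lines(SAMPLE):
        print(f"line {idx}: {msg}")
```
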
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01
