Configuring a Layer 7 HTTP Deep Inspection Policy
Defining an HTTP URL for Inspection
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
• coding_types—HTTP transfer-encoding type for the class map. The possible values for coding_types are as follows:
  – chunked—Message body is transferred as a series of chunks.
  – compress—Encoding format produced by the common UNIX file compression program "compress." This format is an adaptive Lempel-Ziv-Welch coding (LZW).
  – deflate—The .zlib format defined in RFC 1950 with the deflate compression mechanism described in RFC 1951.
  – gzip—Encoding format produced by the file compression program gzip (GNU zip) as described in RFC 1952. This format is a Lempel-Ziv coding (LZ77) with a 32-bit CRC.
  – identity—Default (identity) encoding, which does not require the use of transformation.
Follow these guidelines when using the match transfer-encoding command:
• You can specify multiple match transfer-encoding commands within a class map.
• Each match transfer-encoding command configures a single application type.
• The ACE disables the match transfer-encoding command by default.
For example, to create a class map that specifies a chunked HTTP transfer
encoding type to limit the HTTP traffic that flows through the ACE, enter:
host1/Admin(config)# class-map type http inspect HTTP_INSPECT_L7CLASS
host1/Admin(config-cmap-http-insp)# match transfer-encoding chunked
To clear the HTTP transfer-encoding match criteria from the class map, enter:
host1/Admin(config-cmap-http-insp)# no match transfer-encoding chunked
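The following Python sketch is an added example, not Cisco code and not a description of how the ACE implements matching. It extracts the Transfer-Encoding codings from constructed HTTP requests and reports which ones fall in a set of configured coding_types values and which are outside the five types listed above. The function names, the sample requests, and the handling of the x-gzip and x-compress aliases are assumptions made for illustration.

```python
# Added example (not Cisco code): classify the Transfer-Encoding header of an
# HTTP request against the five coding_types values documented for the
# match transfer-encoding command.
ACE_CODING_TYPES = {"chunked", "compress", "deflate", "gzip", "identity"}
# Legacy aliases defined by the HTTP/1.1 RFCs; folding them is an assumption here.
ALIASES = {"x-gzip": "gzip", "x-compress": "compress"}


def transfer_codings(raw_request):
    """Return the transfer codings named in the request head, in header order."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    codings = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "transfer-encoding":
            continue
        # A header may carry a comma-separated list and may be repeated.
        for token in value.split(","):
            token = token.split(";", 1)[0].strip().lower()  # drop parameters
            if token:
                codings.append(ALIASES.get(token, token))
    return codings


def classify(raw_request, configured):
    """Return (matched, unknown) for a set of configured coding_types values.

    matched: codings in the request that are in `configured`
    unknown: codings that are none of the five documented types
    """
    codings = transfer_codings(raw_request)
    matched = [c for c in codings if c in configured]
    unknown = [c for c in codings if c not in ACE_CODING_TYPES]
    return matched, unknown


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "chunked": b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
               b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n",
    "stacked": b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
               b"Transfer-Encoding: GZIP\r\nTransfer-Encoding: Chunked\r\n\r\n",
    "custom": b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
              b"Transfer-Encoding: x-custom\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, classify(request, {"chunked"}))
```
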
You can use the match url command to configure the class map to define
application inspection decisions based on the URL name. HTTP performs regular
expression matching against the received packet data from a particular connection
based on the URL expression.
You must access the class map configuration mode to specify the match url
command.
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01