Table of Contents
Advertisement
Configuring the Protocol Analysis Module
Procedure
To configure HTTP Analysis settings:
1.
Click the Network Policy View icon and the Network Policies tab.
2.
Expand the tree by clicking the expansion symbols and select the desired custom policy name.
The modules for that policy are displayed in the tree.
3.
Click the Protocol Analysis Module in the tree.
4.
Expand HTTP Analysis in the Protocol column.
5.
HTTP analysis is enabled by default. To disable it, click disable in the Property column, then
select yes from the drop-down list in the Value column.
6.
Some of the HTTP analysis properties are enabled by default, while others are disabled by
default. Refer to the descriptions above to determine whether you want to change the default
settings. To change a property setting, click it in the Property column, then select yes or no
from the drop-down list in the Value column.
7.
Verbose mode is disabled by default. When enabled, the sensor will log events when certain
evasions occur. To enable it, click verbose in the Property column, then select yes from the
drop-down list in the Value column.
8.
In the Allow Method window, select the desired RFC 2616 (HTTP 1.1) methods that are
acceptable for use on web servers located on the protected network.
9.
By default, the Network Sensor will analyze traffic directed toward ports 80, 8080, and 3128.
To add or exclude a port or port range for analysis, click Add Port. The Add Port Information
dialog box is displayed.
2-64 Creating Network Sensor Policies
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?