beautypg.com

Cisco ASA 5505 User Manual

Page 894

background image

43-18

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 43 Configuring Inspection of Basic Internet Protocols

HTTP Inspection

Where the regex_name is the regular expression you created in

Step 1

. The class regex_class_name

is the regular expression class map you created in

Step 2

.

e.

(Optional) To match text found in the HTTP request message body or to match traffic that exceeds
the maximum HTTP request message body length, enter the following command:

hostname(config-cmap)# match [not] request body {regex [regex_name | class

regex_class_name] | length gt max_bytes}

Where the regex regex_name argument is the regular expression you created in

Step 1

. The class

regex_class_name is the regular expression class map you created in

Step 2

. The length gt

max_bytes is the maximum message body length in bytes.

f.

(Optional) To match text found in the HTTP request message header, or to restrict the count or length
of the header, enter the following command:

hostname(config-cmap)# match [not] request header {[field]

[regex [regex_name | class regex_class_name]] |

[length gt max_length_bytes | count gt max_count_bytes]}

Where the field is the predefined message header keyword. The regex regex_name argument is the
regular expression you created in

Step 1

. The class regex_class_name is the regular expression class

map you created in

Step 2

. The length gt max_bytes is the maximum message body length in bytes.

The count gt max_count is the maximum number of header fields.

g.

(Optional) To match text found in the HTTP request message method, enter the following command:

hostname(config-cmap)# match [not] request method {[method] |

[regex [regex_name | class regex_class_name]]

Where the method is the predefined message method keyword. The regex regex_name argument is
the regular expression you created in

Step 1

. The class regex_class_name is the regular expression

class map you created in

Step 2

.

h.

(Optional) To match text found in the HTTP request message URI, enter the following command:

hostname(config-cmap)# match [not] request uri {regex [regex_name | class

regex_class_name] | length gt max_bytes}

Where the regex regex_name argument is the regular expression you created in

Step 1

. The class

regex_class_name is the regular expression class map you created in

Step 2

. The length gt

max_bytes is the maximum message body length in bytes.

i.

Optional) To match text found in the HTTP response message body, or to comment out Java applet
and Active X object tags in order to filter them, enter the following command:

hostname(config-cmap)# match [not] response body {[active-x] | [java-applet] |

[regex [regex_name | class regex_class_name]] | length gt max_bytes}

Where the regex regex_name argument is the regular expression you created in

Step 1

. The class

regex_class_name is the regular expression class map you created in

Step 2

. The length gt

max_bytes is the maximum message body length in bytes.

j.

(Optional) To match text found in the HTTP response message header, or to restrict the count or
length of the header, enter the following command:

hostname(config-cmap)# match [not] response header {[field]

[regex [regex_name | class regex_class_name]] |

[length gt max_length_bytes | count gt max_count]}