Chapter 3
Configuring Application Protocol Inspection
Configuring a Layer 7 HTTP Deep Packet Inspection Policy Map
Creating a Layer 7 HTTP Deep Packet Inspection Policy Map
OL-16202-01
For example, to specify that a class map is to match on a URL with a length equal
to 10000 bytes in the request message, enter:
host1/Admin(config)# class-map type http inspect HTTP_INSPECT_L7CLASS
host1/Admin(config-cmap-http-insp)# match url length eq 10000
To clear a URL length match criteria from the class map, enter:
host1/Admin(config-cmap-http-insp)# no match url length eq 10000
This section describes how to configure a Layer 7 HTTP deep inspection policy
map. The Layer 7 policy map configures the applicable HTTP deep packet
inspection actions executed on the network traffic that match the classifications
defined in a class map. You then associate the completed Layer 7 HTTP deep
packet inspection policy with a Layer 3 and Layer 4 policy map to activate the
operation on a VLAN interface (see the
Application Protocol Inspection Policy Actions"
This section contains the following topics:
Creating a Layer 7 HTTP Deep Packet Inspection Policy Map
•
Adding a Layer 7 HTTP Deep Packet Inspection Policy Map Description
•
Including Inline Match Statements in a Layer 7 HTTP Deep Packet
•
Inspection Policy Map
Associating a Layer 7 HTTP Inspection Traffic Class with the Traffic Policy
•
•
Specifying the Layer 7 HTTP Deep Packet Policy Actions
You can use the policy-map type inspect http command in configuration mode
to name the traffic policy and initiate Layer 7 HTTP deep packet inspection.
The syntax of this command is as follows:
policy-map type inspect http all-match map_name
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a Layer 7 HTTP Deep Inspection Policy
"Defining Layer 3 and Layer 4
section).
3-63