Cisco PIX 500 Series Configuration Manual page 493

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, page 25-29

Chapter 25
Configuring Application Layer Protocol Inspection
FTP Inspection

Table 25-3  FTP Map request-command deny Options

request-command deny Option   Purpose
appe                          Disallows the command that appends to a file.
cdup                          Disallows the command that changes to the parent directory of the current working directory.
dele                          Disallows the command that deletes a file on the server.
get                           Disallows the client command for retrieving a file from the server.
help                          Disallows the command that provides help information.
mkd                           Disallows the command that makes a directory on the server.
put                           Disallows the client command for sending a file to the server.
rmd                           Disallows the command that deletes a directory on the server.
rnfr                          Disallows the command that specifies rename-from filename.
rnto                          Disallows the command that specifies rename-to filename.
site                          Disallows the commands that are specific to the server system. Usually used for remote administration.
stou                          Disallows the command that stores a file using a unique file name.

f. (Optional) To match an FTP server, enter the following command:
hostname(config-cmap)# match [not] server regex [regex_name | class regex_class_name]
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name is the regular expression class map you created in Step 2.

g. (Optional) To match an FTP username, enter the following command:
hostname(config-cmap)# match [not] username regex [regex_name | class regex_class_name]
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name is the regular expression class map you created in Step 2.

Step 4
To create an FTP inspection policy map, enter the following command:
hostname(config)# policy-map type inspect ftp policy_map_name
hostname(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration mode.

Step 5
(Optional) To add a description to the policy map, enter the following command:
hostname(config-pmap)# description string

Step 6
To apply actions to matching traffic, perform the following steps.
a. Specify the traffic on which you want to perform actions using one of the following methods:
- Specify the FTP class map that you created in Step 3 by entering the following command:
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
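A review aid for the options in Table 25-3, added here as an example and not taken from the Cisco guide: it reads a saved configuration and reports, for each FTP inspection class map, which of the twelve table options it lists, which it leaves out, and which keywords are not in the table at all. The class-map header and `match request-command` syntax are assumed from the guide's earlier Step 3, which is not shown on this page; the class map and policy map names in the sample are constructed.

```python
import re

# The twelve request-command options listed in Table 25-3.
TABLE_25_3 = {"appe", "cdup", "dele", "get", "help", "mkd",
              "put", "rmd", "rnfr", "rnto", "site", "stou"}

# Assumed syntax (from the guide's earlier Step 3, not shown on this page):
#   class-map type inspect ftp [match-all] NAME
#    match [not] request-command OPTION [OPTION...]
HEADER = re.compile(r"class-map type inspect ftp (?:match-all )?(\S+)$")
MATCH = re.compile(r"match (not )?request-command (.+)$")

def audit_ftp_class_maps(config_text):
    """Return {class_map_name: report} for each FTP inspection class map."""
    reports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = reports.setdefault(
                header.group(1),
                {"listed": set(), "unknown": set(), "negated": False})
        elif not raw.startswith(" "):
            current = None              # any other top-level line ends the block
        elif current is not None and (m := MATCH.match(line)):
            words = {w.lower() for w in m.group(2).split()}
            current["listed"] |= words & TABLE_25_3
            current["unknown"] |= words - TABLE_25_3   # e.g. wire names such as STOR
            current["negated"] |= bool(m.group(1))     # "match not" needs manual review
    for report in reports.values():
        report["not_listed"] = TABLE_25_3 - report["listed"]
    return reports

# Constructed sample: a class map meant to make a server read-only.
SAMPLE = """\
class-map type inspect ftp match-all FTP_READ_ONLY
 description Write and admin commands
 match request-command appe dele mkd put rmd
 match request-command rnfr rnto site stor
policy-map type inspect ftp FTP_POLICY
 class FTP_READ_ONLY
"""

if __name__ == "__main__":
    for name, report in audit_ftp_class_maps(SAMPLE).items():
        print(name, "not listed:", sorted(report["not_listed"]),
              "unknown:", sorted(report["unknown"]))
```

On the sample, `stor` is reported as unknown and `stou` as not listed, so the class map intended to make the server read-only still leaves the store-with-unique-name command from Table 25-3 unmatched.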


This manual is also suitable for: ASA 5500 Series
