Configuring Application Profile Customization Framework - Cisco FirePOWER ASA 5500 series Configuration Manual

Chapter 37 Configuring WebVPN

Configuring Application Profile Customization Framework

An APCF profile for WebVPN lets the security appliance handle non-standard applications and web
resources so that they display correctly over a WebVPN connection. An APCF profile contains a script
that specifies when (pre, post), where (header, body, request, response), and what data to transform for
a particular application. The script is in XML and uses sed (stream editor) syntax for string/text
transformation. Multiple APCF profiles can run in parallel on a security appliance. Within an APCF
profile script, multiple APCF rules can apply. In this case, the security appliance processes the oldest
rule first (based on configuration history), then the next oldest rule, and so forth.
You can store APCF profiles on the security appliance flash memory, or on an HTTP, HTTPS, or TFTP
server. Use the apcf command in webvpn mode to identify and locate an APCF profile that you want to
load on the security appliance.
The following example shows how to enable an APCF profile named apcf1.xml, located on flash
memory.
hostname(config)# webvpn
hostname(config-webvpn)# apcf flash:/apcf/apcf1.xml
hostname(config-webvpn)#
This example shows how to enable an APCF profile named apcf2.xml, located on an https server called
myserver, port 1440 with the path being /apcf.
hostname(config)# webvpn
hostname(config-webvpn)# apcf https://myserver:1440/apcf/apcf2.xml
hostname(config-webvpn)#
APCF Syntax
The following sections describe APCF syntax.
Caution Misuse of an APCF profile can result in reduced performance and undesired rendering of content. In
most cases, Cisco Engineering supplies APCF profiles to solve specific application rendering issues.
APCF profiles use XML format, and sed script syntax, with the XML tags in
Table 37-4 APCF XML Tags
Tag
<APCF>...</APCF>
<version>1.0</version>
<application>...</application>
<id> text </id>
<apcf-entities>...</apcf-entities>
OL-10088-01
Use
The mandatory root element that opens any APCF XML
file.
The mandatory tag that specifies the APCF
implementation version. Currently the only version is
1.0.
The mandatory tag that wraps the body of the XML
description.
The mandatory tag that describes this particular APCF
functionality.
The mandatory tag that wraps a single or multiple APCF
entities.
Cisco Security Appliance Command Line Configuration Guide
Optimizing WebVPN Performance
Table 37-4
37-29