Cisco 4700M Configuration Manual page 150

Application Protocol Inspection Configuration Quick Start Procedures
Table 3-3
Task and Command Example
12.
13.
14.
15.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-26
Layer 7 HTTP Protocol Deep Inspection Quick Start (continued)
(Optional) Configure the class map to define application inspection
decisions based on the URL name.
host1/Admin(config-cmap-http-insp)# match url .*.gif
host1/Admin(config-cmap-http-insp)# match url .*.html
(Optional) Limit the HTTP traffic allowed through the ACE by specifying
the maximum length of a URL in a request message that can be received by
the ACE.
host1/Admin(config-cmap-http-insp)# match url length eq 10000
Create and configure a Layer 7 policy map that enables the deep packet
inspection of the HTTP protocol. Specify the actions that you want to apply
to the Layer 7 user-defined class map and, if appropriate, to the default class
map.
host1/Admin(config)# policy-map type inspect http all-match
HTTP_INSPECT_L7POLICY
host1/Admin(config-pmap-ins-http)# class HTTP_INSPECT_L7CLASS
host1/Admin(config-pmap-ins-http-c)# permit
host1/Admin(config-pmap-ins-http-c)# exit
host1/Admin(config-pmap-ins-http)# exit
host1/Admin(config)#
Create a Layer 3 and Layer 4 class map to classify network traffic that
passes through the ACE for HTTP deep packet inspection. If you do not
specify match-all or match-any, traffic must match all the match criteria to
be classified as part of the traffic class.
The CLI displays the class map configuration mode.
host1/Admin(config)# class-map match-all HTTP_INSPECT_L4CLASS
host1/Admin(config-cmap)#
Include one or more of the match commands as part of the Layer 3 and
Layer 4 class map.
host1/Admin(config-cmap)# description HTTP protocol deep
inspection of incoming traffic
host1/Admin(config-cmap)# match port tcp eq 80
host1/Admin(config-cmap)# exit
host1/Admin(config)#
Chapter 3 Configuring Application Protocol Inspection
OL-16202-01