Cisco 4700M Configuration Manual page 180

Application control engine appliance security

Configuring a Layer 7 HTTP Deep Inspection Policy
Defining an HTTP Traffic Restricted Category
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
video/quicktime
video/sgi
video/x-fli
Follow these guidelines when using the match header mime-type command:
You can specify multiple match header mime-type commands within a class map.
Each match header mime-type command configures a single application type.
For example, to create a class map that specifies the MIME-type audio/midi and
audio/mpeg messages permitted through the ACE, enter:
host1/Admin(config)# class-map type http inspect match-any HTTP_INSPECT_L7CLASS
host1/Admin(config-cmap-http-insp)# match header mime-type audio/midi
host1/Admin(config-cmap-http-insp)# match header mime-type audio/mpeg
To deselect the specified MIME message match criteria from the class map, enter:
host1/Admin(config-cmap-http-insp)# no match header mime-type audio/midi
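The following is an added example, not part of the Cisco guide: a small Python audit helper that replays the class-map commands shown above (including the no form) and reports which MIME types remain in each match-any class map. The function names, the constructed transcript, and the case-insensitive, parameter-stripping comparison of Content-Type values are assumptions made for illustration, not documented ACE behavior.

```python
import re

# Constructed CLI transcript built only from the commands shown on this page.
SAMPLE = """\
host1/Admin(config)# class-map type http inspect match-any HTTP_INSPECT_L7CLASS
host1/Admin(config-cmap-http-insp)# match header mime-type audio/midi
host1/Admin(config-cmap-http-insp)# match header mime-type audio/mpeg
host1/Admin(config-cmap-http-insp)# no match header mime-type audio/midi
"""

CLASS_RE = re.compile(r"class-map type http inspect match-any (\S+)$")
MIME_RE = re.compile(r"(no )?match header mime-type (\S+)$")


def replay(transcript):
    """Replay CLI lines and return {class_map_name: [mime types still configured]}."""
    maps, current = {}, None
    for raw in transcript.splitlines():
        # Drop the "host/context(mode)# " prompt if one is present.
        line = raw.split("# ", 1)[-1].strip()
        m = CLASS_RE.match(line)
        if m:
            current = maps.setdefault(m.group(1), [])
            continue
        m = MIME_RE.match(line)
        if m is None or current is None:
            continue  # not a mime-type criterion, or no class map entered yet
        negate, mime = m.group(1), m.group(2).lower()
        if negate:
            # The "no" form deselects exactly one criterion.
            if mime in current:
                current.remove(mime)
        elif mime not in current:
            # One command configures one application type.
            current.append(mime)
    return maps


def matches(mime_types, content_type):
    """match-any: true if the header's media type equals any configured type.

    Assumption: parameters after ';' are ignored and comparison is
    case-insensitive.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type in mime_types
```

Running replay() over a saved configuration session gives a quick review list of the MIME types each class map still selects after all match and no match commands are applied.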
You can use the match port-misuse command to configure the class map to
define application inspection compliance decisions that restrict certain HTTP
traffic from passing through the ACE. This class map detects the misuse of port
80 (or any other port running HTTP) for tunneling protocols such as peer-to-peer
(p2p) applications, tunneling applications, and instant messaging.
You must access the class map configuration mode to specify the match port-misuse command.
The syntax of this command is as follows:
[line_number] match port-misuse application_category
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01

This manual is also suitable for:

4700 series