Configuring a Layer 7 HTTP Deep Inspection Policy
Defining an HTTP Maximum URL Length for Inspection
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
You can use the match url length command to limit the HTTP traffic allowed
through the ACE by specifying the maximum length of a URL in a request
message that can be received by the ACE. Messages will be either allowed or
denied based on the Layer 7 HTTP deep packet inspection policy map action.
You must access the class map configuration mode to specify the match url
length command.
The syntax of this command is as follows:
[line_number] match url length {eq bytes | gt bytes | lt bytes | range bytes1 bytes2}
The keywords, arguments, and options are as follows:
• line_number—(Optional) Argument that assists you in editing or deleting
  individual match commands. Enter an integer from 2 to 1024 as the line
  number. You can enter no line_number to delete long match commands
  instead of entering the entire line. The line numbers do not dictate a priority
  or sequence for the match statements.
• eq bytes—Specifies a value for the HTTP URL length received by the ACE.
  Based on the policy map action, the ACE allows or denies messages with an
  HTTP URL length equal to the specified value. Valid entries are from 1 to
  65535 bytes.
• gt bytes—Specifies a minimum value for the HTTP URL length received by
  the ACE. Based on the policy map action, the ACE allows or denies messages
  with an HTTP URL length greater than the specified value. Valid entries are
  from 1 to 65535 bytes.
• lt bytes—Specifies a maximum value for the HTTP URL length received by
  the ACE. Based on the policy map action, the ACE allows or denies messages
  with an HTTP URL length less than the specified value. Valid entries are from
  1 to 65535 bytes.
• range bytes1 bytes2—Specifies a size range for the HTTP URL length
  received by the ACE. Based on the policy map action, the ACE allows or
  denies messages with a URL length within this range. The range is from 1 to
  65535 bytes.
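The syntax and value limits above can be checked mechanically when reviewing saved class map statements before they are applied. The following Python code is an added example, not part of the Cisco guide: the function names and sample statements are constructed, and it assumes that range endpoints are inclusive and that bytes1 does not exceed bytes2, which the text above does not state.

```python
import re

# Bounds stated on the page: line numbers 2-1024, URL lengths 1-65535 bytes.
LINE_MIN, LINE_MAX = 2, 1024
LEN_MIN, LEN_MAX = 1, 65535
_STMT = re.compile(r"^\s*(?:(?P<line>\d+)\s+)?match\s+url\s+length\s+"
                   r"(?P<op>eq|gt|lt|range)\s+(?P<a>\d+)(?:\s+(?P<b>\d+))?\s*$")

def parse_match_url_length(text):
    """Parse one 'match url length' statement; raise ValueError if invalid."""
    m = _STMT.match(text)
    if not m:
        raise ValueError(f"not a match url length statement: {text!r}")
    line = int(m["line"]) if m["line"] else None
    if line is not None and not LINE_MIN <= line <= LINE_MAX:
        raise ValueError(f"line_number {line} outside {LINE_MIN}-{LINE_MAX}")
    op, a = m["op"], int(m["a"])
    b = int(m["b"]) if m["b"] else None
    if (op == "range") != (b is not None):
        raise ValueError(f"{op} takes {'two values' if op == 'range' else 'one value'}")
    for v in (a, b):
        if v is not None and not LEN_MIN <= v <= LEN_MAX:
            raise ValueError(f"length {v} outside {LEN_MIN}-{LEN_MAX} bytes")
    if op == "range" and a > b:  # Assumption: bytes1 must not exceed bytes2.
        raise ValueError("range bytes1 is greater than bytes2")
    return {"line": line, "op": op, "a": a, "b": b}

def url_length_matches(stmt, length):
    """True if a URL of `length` bytes satisfies a parsed statement."""
    op, a, b = stmt["op"], stmt["a"], stmt["b"]
    if op == "range":
        return a <= length <= b  # Assumption: range endpoints are inclusive.
    return {"eq": length == a, "gt": length > a, "lt": length < a}[op]

def audit(lines):
    """Map each statement to None (valid) or to its validation error."""
    report = {}
    for text in lines:
        try:
            parse_match_url_length(text)
            report[text] = None
        except ValueError as exc:
            report[text] = str(exc)
    return report

# Constructed sample statements, not taken from a real configuration.
SAMPLE = ["match url length gt 2048", "10 match url length range 1 512",
          "match url length eq 70000", "1 match url length lt 100"]
```

Whether a matching request is allowed or denied is decided by the policy map action, so `url_length_matches` reports only the match itself.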
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01