Chapter 3
Configuring Application Protocol Inspection
Including Inline Match Statements in a Layer 7 HTTP Deep Packet Inspection
Policy Map
Note
OL-16202-01
You can include a single inline match criteria in the policy map without specifying
a traffic class by entering an applicable Layer 7 match command. The inline
Layer 7 policy map match commands function the same as with the Layer 7 class
map match commands. However, when you use an inline match command, you
can specify an action for only a single match statement in the Layer 7 policy map.
To specify actions for multiple match statements, use a class map as described in
the
"Associating a Layer 7 HTTP Inspection Traffic Class with the Traffic Policy"
section.
The syntax of this command is as follows:
match name match_statement [insert-before map_name]
The keywords, arguments, and options are as follows:
name—Name assigned to the inline match command. Enter an unquoted text
•
string with no spaces. The length of the inline match statement name plus the
length of the policy map name with which it is associated cannot exceed a
total maximum of 64 alphanumeric characters. For example, if the policy map
name is L7_POLICY (nine characters), an inline match statement name under
this policy cannot exceed 55 alphanumeric characters (64
match_statement—Inline match criteria to be used by the policy map. See
•
below for details on the individual match commands associated with the
Layer 7 HTTP deep inspection class map.
insert-before map_name—(Optional) Places the inline match command
•
ahead of an existing class map in the policy map configuration.
The syntax for the HTTP deep packet inspection policy map inline match
commands is as follows:
match name content expression [offset number]
match name content length {eq bytes | gt bytes | lt bytes | range bytes1
bytes 2}
match name content-type-verification
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a Layer 7 HTTP Deep Inspection Policy
-
9 = 55).
3-65