Cisco 4700M Configuration Manual page 192

Application control engine appliance security

Configuring a Layer 7 HTTP Deep Inspection Policy
Specifying the Layer 7 HTTP Deep Packet Policy Actions
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-68
The keywords and arguments are as follows:
class map_name1—Specifies the name of a previously defined traffic class
configured with the class-map command. Enter an unquoted text string with
no spaces and a maximum of 64 alphanumeric characters.
insert-before map_name2—Places the current class map ahead of an existing
class map as specified by the map_name2 argument. Enter an unquoted text
string with no spaces and a maximum of 64 alphanumeric characters.
For example, to use the insert-before command to define the sequential order of
two class maps in the policy map, enter:
host1/Admin(config-pmap-ins-http)# class HTTP_INSPECT_L7CLASSMAP2 insert-before HTTP_INSPECT_L7CLASS
To specify the class-default class map for the traffic policy, use the class
class-default command. All traffic that fails to meet the other matching criteria
in the named class map belongs to the default traffic class. If none of the specified
classifications match, the ACE applies the action specified under the class
class-default command. The class-default class map has an implicit match any
statement in it so that it matches all traffic.
By default, all matches are applied to both HTTP request and response messages,
but the class class-default command is applied only to HTTP requests.
For example, to use the class class-default command, enter:
host1/Admin(config-pmap-ins-http)# class class-default
host1/Admin(config-pmap-ins-http-c)#
The CLI displays the policy map class configuration mode.
The default behavior of the ACE is to permit HTTP traffic. For example, if a
policy map explicitly permits the HTTP GET method, other methods such as PUT
will also be permitted. Only an explicit deny can drop traffic.
Specify the permit or reset command to define the action that the ACE performs
on the HTTP traffic depending on whether it matches the specified commands.
You apply the specified command against the single inline match command or the
specified class map.
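The evaluation rules described above, as a small Python model added here (not Cisco code and not ACE CLI). It shows that a policy that only permits GET still lets PUT through, and that a reset under class-default closes that gap for requests only. Assumptions: the TRACE criterion for HTTP_INSPECT_L7CLASSMAP2 is hypothetical, the messages are constructed, and taking the first matching named class is a simplification.

```python
from dataclasses import dataclass, field

PERMIT, RESET = "permit", "reset"

@dataclass
class InspectPolicy:
    """Toy model of a Layer 7 HTTP inspection policy map (not ACE code)."""
    classes: list = field(default_factory=list)  # ordered (name, match_fn, action)
    default_action: str = None                   # action under class class-default

    def add_class(self, name, match_fn, action, insert_before=None):
        names = [n for n, _, _ in self.classes]
        # insert-before places the new class ahead of an existing one.
        pos = names.index(insert_before) if insert_before else len(names)
        self.classes.insert(pos, (name, match_fn, action))

    def order(self):
        return [n for n, _, _ in self.classes]

    def evaluate(self, msg):
        # Named classes are checked in configured order; taking the first
        # match is a simplifying assumption of this model.
        for name, match_fn, action in self.classes:
            if match_fn(msg):
                return action, name
        # class-default applies only to requests that no named class matched.
        if self.default_action and msg["kind"] == "request":
            return self.default_action, "class-default"
        # No match and no explicit deny: the traffic is permitted.
        return PERMIT, "implicit"

def method_is(verb):
    return lambda m: m["kind"] == "request" and m["method"] == verb

# Constructed sample messages.
GET = {"kind": "request", "method": "GET"}
PUT = {"kind": "request", "method": "PUT"}
TRACE = {"kind": "request", "method": "TRACE"}
RESPONSE = {"kind": "response", "status": 200}

def build(default_action=None):
    p = InspectPolicy(default_action=default_action)
    p.add_class("HTTP_INSPECT_L7CLASS", method_is("GET"), PERMIT)
    # Hypothetical match criterion for the second class map.
    p.add_class("HTTP_INSPECT_L7CLASSMAP2", method_is("TRACE"), RESET,
                insert_before="HTTP_INSPECT_L7CLASS")
    return p

if __name__ == "__main__":
    for label, policy in (("permit GET only", build()), ("class-default reset", build(RESET))):
        print(label, policy.order(), [policy.evaluate(m) for m in (GET, PUT, TRACE, RESPONSE)])
```
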
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01
