Chapter 3
Configuring Application Protocol Inspection
Examples of Application Protocol Inspection Configurations
Layer 7 HTTP Protocol Deep Packet Inspection
OL-16202-01
The following examples each illustrate a running-configuration for performing:
• Layer 7 deep packet inspection of the HTTP protocol
• Layer 7 FTP command inspection
• Layer 3 and Layer 4 DNS application protocol inspection
The application protocol inspection configurations appear in bold in each example.
In the following HTTP protocol deep packet inspection configuration, the ACE does the following:
• Includes an ACL that allows the ACE to receive any HTTP traffic through the VLAN.
• Filters on content to allow only HTTP headers that contain the "html" expression.
• Filters a subset of the HTTP traffic using a content filtering rule that permits the following packet types:
  – With an HTTP header length greater than 400 bytes
  – Without the string "BAD" included in the URL
access-list ACL1 extended permit tcp any any eq http
rserver host SERVER1
  ip address 192.168.252.245
  inservice
rserver host SERVER2
  ip address 192.168.252.246
  inservice
rserver host SERVER3
  ip address 192.168.252.247
  inservice
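As an added illustration (not ACE configuration or Cisco code), the Python below applies the three filtering rules described above to constructed HTTP requests so that the effect of each rule can be seen on sample input. How the header length is measured (bytes between the request line and the blank line) and which bytes the "html" expression is matched against (the header block only) are assumptions made for this example.

```python
import re

HEADER_MIN_LEN = 400                  # "HTTP header length greater than 400 bytes"
URL_DENY_SUBSTRING = "BAD"            # 'without the string "BAD" included in the URL'
HEADER_MATCH = re.compile(rb"html")   # 'headers that contain the "html" expression'

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, url, header_block).
    The header block is everything between the request line and the blank
    line; its byte length is what the >400 rule is applied to (assumption)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    parts = request_line.decode("ascii", "replace").split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, url, _version = parts
    return method, url, header_block

def inspect(raw: bytes):
    """Apply the three rules in order; return (permit, reason)."""
    try:
        _method, url, header_block = parse_request(raw)
    except ValueError as exc:
        return False, str(exc)
    if not HEADER_MATCH.search(header_block):
        return False, "headers do not contain 'html'"
    if len(header_block) <= HEADER_MIN_LEN:
        return False, f"header length {len(header_block)} is not > {HEADER_MIN_LEN}"
    if URL_DENY_SUBSTRING in url:
        return False, f"URL contains {URL_DENY_SUBSTRING!r}"
    return True, "permit"

def build_request(url: str, accept: str = "text/html", padding: int = 0) -> bytes:
    """Constructed sample request; padding adds an X-Pad header to grow the block."""
    headers = [b"Host: www.example.com", b"Accept: " + accept.encode()]
    if padding:
        headers.append(b"X-Pad: " + b"a" * padding)
    return (b"GET " + url.encode() + b" HTTP/1.1\r\n"
            + b"\r\n".join(headers) + b"\r\n\r\n")

if __name__ == "__main__":
    for req in (build_request("/index.html", padding=400),
                build_request("/index.html"),
                build_request("/BAD/page.html", padding=400),
                build_request("/index.html", accept="text/plain", padding=400)):
        print(inspect(req))
```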
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-125