Layer 7 Ftp Command Inspection - Cisco 4700M Configuration Manual

Application control engine appliance security

Examples of Application Protocol Inspection Configurations

Layer 7 FTP Command Inspection

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
serverfarm host SFARM1
  probe HTTP
  rserver SERVER1
    inservice
  rserver SERVER2
    inservice
  rserver SERVER3
    inservice
class-map match-all L4_FILTERHTTP_CLASS
  2 match access-list ACL1
class-map type http inspect match-all L7_FILTERHTML1_CLASS
  2 match header Accept header-value "html"
  3 match header length request gt 400
class-map type http inspect match-all L7_FILTERHTML2_CLASS
  2 match url BAD
policy-map type loadbalance first-match L7_HTTP-LB-HTTP_POLICY
  class class-default
    serverfarm SFARM1
policy-map type inspect http all-match L7_FILTERHTML_POLICY
  class L7_FILTERHTML1_CLASS
    permit
  class L7_FILTERHTML2_CLASS
    reset
policy-map multi-match L4_FILTER_POLICY
  class L4_FILTERHTTP_CLASS
    inspect http policy L7_FILTERHTML_POLICY
interface vlan 50
  access-group input ACL1
  ip address 192.168.1.100 255.255.255.0
  service-policy input L4_FILTER_POLICY
  no shutdown

In the following FTP command inspection configuration, the ACE does the following:

- Masks the responses from the SYST and USER commands
- Denies selected FTP commands from executing
- Allows the remaining FTP commands to execute
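
The three behaviors listed above, modeled as a first-match decision over an FTP control-channel transcript. This is an added illustration, not ACE code or configuration from the manual; the denied-command list, the handling of malformed lines, the form of the masked reply, and the sample transcript are assumptions constructed for the example.

```python
import re

# Assumed policy contents (constructed for illustration; not from the manual).
DENY = {"MKD", "RMD", "SITE", "CDUP"}   # the "selected" commands to block
MASK = {"SYST", "USER"}                 # commands whose replies are masked
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_verb(line):
    """Return the upper-cased FTP verb of a control-channel line, or None."""
    parts = line.strip().split(None, 1)
    return parts[0].upper() if parts and parts[0].isalpha() else None

def decide(line):
    """First match wins: deny list, then mask list, otherwise permit."""
    verb = parse_verb(line)
    if verb is None or verb in DENY:    # assumption: malformed lines are denied
        return "deny"
    return "mask-reply" if verb in MASK else "permit"

def mask_reply(reply):
    """Keep the 3-digit code; overwrite the informational text (assumed form)."""
    m = REPLY_RE.match(reply.rstrip("\r\n"))
    if not m:
        return reply.rstrip("\r\n")
    code, sep, text = m.groups()
    return code + sep + "X" * len(text)

def inspect(exchanges):
    """Map (client_line, server_reply) pairs to (verb, action, reply_seen)."""
    seen = []
    for cmd, reply in exchanges:
        action = decide(cmd)
        if action == "deny":
            shown = None                # the command never reaches the server
        elif action == "mask-reply":
            shown = mask_reply(reply)
        else:
            shown = reply.rstrip("\r\n")
        seen.append((parse_verb(cmd), action, shown))
    return seen

# Constructed control-channel transcript.
SAMPLE = [
    ("USER alice\r\n", "331 Password required for alice\r\n"),
    ("SYST\r\n", "215 UNIX Type: L8\r\n"),
    ("site chmod 644 x\r\n", "200 SITE CHMOD ok\r\n"),
    ("RETR report.txt\r\n", "150 Opening data connection\r\n"),
]

if __name__ == "__main__":
    for row in inspect(SAMPLE):
        print(row)
```
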
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01

This manual is also suitable for:

4700 series