Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 13      Inspection of Basic Internet Protocols
  HTTP Inspection
• match [not] request header {field | regex regex_name} regex {regex_name | class 
class_name}—Matches the content of a field in the HTTP request message header against the 
specified regular expression or regular expression class. You can specify the field name 
explicitly or match the field name to a regular expression. Field names are: accept, 
accept-charset, accept-encoding, accept-language, allow, authorization, cache-control, 
connection, content-encoding, content-language, content-length, content-location, 
content-md5, content-range, content-type, cookie, date, expect, expires, from, host, if-match, 
if-modified-since, if-none-match, if-range, if-unmodified-since, last-modified, max-forwards, 
pragma, proxy-authorization, range, referer, te, trailer, transfer-encoding, upgrade, user-agent, 
via, warning. 
• match [not] request header {field | regex {regex_name | class class_name}} {length gt bytes 
| count gt number}—Matches the length of the specified fields in the HTTP request message 
header, or the overall number of fields (count) in the header. You can specify the field name 
explicitly or match the field name to a regular expression or regular expression class. Field 
names are listed in the previous bullet.
• match [not] request header {length gt bytes | count gt number | non-ascii}—Matches the 
overall length of the HTTP request message header, or the overall number of fields (count) in 
the header, or headers that have non-ASCII characters.
• match [not] request method {method | regex {regex_name | class class_name}}—Matches the 
HTTP request method. You can specify the method explicitly or match the method to a regular 
expression or regular expression class. Methods are: bcopy, bdelete, bmove, bpropfind, 
bproppatch, connect, copy, delete, edit, get, getattribute, getattributenames, getproperties, head, 
index, lock, mkcol, mkdir, move, notify, options, poll, post, propfind, proppatch, put, revadd, 
revlabel, revlog, revnum, save, search, setattribute, startrev, stoprev, subscribe, trace, unedit, 
unlock, unsubscribe.
• match [not] request uri {regex {regex_name | class class_name} | length gt bytes}—Matches 
text found in the HTTP request message URI against the specified regular expression or regular 
expression class, or messages where the request URI is greater than the specified length.
• match [not] response body {active-x | java-applet | regex {regex_name | class 
class_name}}—Matches text found in the HTTP response message body against the specified 
regular expression or regular expression class. With the active-x or java-applet keyword, 
comments out ActiveX object or Java applet tags in the body in order to filter them.
• match [not] response body length gt bytes—Matches HTTP response messages where the 
body is greater than the specified length.
• match [not] response header {field | regex regex_name} regex {regex_name | class 
class_name}—Matches the content of a field in the HTTP response message header against the 
specified regular expression or regular expression class. You can specify the field name 
explicitly or match the field name to a regular expression. Field names are: accept-ranges, age, 
allow, cache-control, connection, content-encoding, content-language, content-length, 
content-location, content-md5, content-range, content-type, date, etag, expires, last-modified, 
location, pragma, proxy-authenticate, retry-after, server, set-cookie, trailer, transfer-encoding, 
upgrade, vary, via, warning, www-authenticate. 
• match [not] response header {field | regex {regex_name | class class_name}} {length gt bytes 
| count gt number}—Matches the length of the specified fields in the HTTP response message 
header, or the overall number of fields (count) in the header. You can specify the field name 
explicitly or match the field name to a regular expression or regular expression class. Field 
names are listed in the previous bullet.
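The following configuration is an added example, not taken from the Cisco guide, showing how several of the match criteria above combine in an HTTP inspection class map and policy map. All object names (uri_dotdot, http_block_cm, http_inspect_pm), the regular expression, and the numeric thresholds are assumptions chosen for illustration; the regex, class-map, policy-map, and action (drop-connection, reset, log) commands are standard ASA commands that this part of the page does not list.

```cisco
! Constructed example: names, regex, and thresholds are illustrative assumptions.

! Regular expression referenced by "match request uri regex" below.
regex uri_dotdot "\.\./"

! match-any: a request that meets ANY one criterion is in the class.
class-map type inspect http match-any http_block_cm
 ! Methods rarely needed by ordinary browsing clients.
 match request method trace
 match request method connect
 ! Path traversal sequence in the URI, or an oversized URI.
 match request uri regex uri_dotdot
 match request uri length gt 2048
 ! Non-ASCII bytes anywhere in the request header.
 match request header non-ascii
 ! More than 64 header fields in one request.
 match request header count gt 64

policy-map type inspect http http_inspect_pm
 ! Action for everything collected in the class map.
 class http_block_cm
  drop-connection log
 ! A match can also be placed directly in the policy map with its own action.
 ! Here: a Host header field longer than 255 bytes resets the connection.
 match request header host length gt 255
  reset log
 ! Log (without blocking) responses whose body exceeds 10 MB.
 match response body length gt 10485760
  log

! Attach the inspection policy to HTTP inspection in the default global policy.
policy-map global_policy
 class inspection_default
  inspect http http_inspect_pm
```

Starting with the log action alone on each criterion lets you measure how much legitimate traffic a threshold would catch before you change it to drop-connection or reset.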