User Guide for the Cisco Application Networking Manager 5.2 (OL-26572-01), page 14-17
Chapter 14: Configuring Traffic Policies
Setting Match Conditions for Class Maps

Setting Match Conditions for Layer 7 HTTP Deep Packet Inspection Class Maps

You can configure a Layer 7 class map for deep packet inspection of HTTP traffic by the ACE. When these features are configured, the ACE performs a stateful deep packet inspection of the HTTP protocol and permits or restricts traffic based on the actions in the defined policy maps. You can configure the following security features as part of HTTP deep packet inspection to be performed by the ACE:

• Regular expression matching on name in an HTTP header, URL name, or content expressions in an HTTP entity body
• Content, URL, and HTTP header length checks
• MIME-type message inspection
• Transfer-encoding methods
• Content type verification and filtering
• Port 80 misuse by tunneling protocols
• RFC compliance monitoring and RFC method filtering

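The kinds of checks in the list above, sketched as an added Python example for a subset of them (method filtering, URL and header length, header regular expression, transfer encoding, content type). This is not Cisco code and does not reproduce how the ACE implements inspection; the thresholds, allowed sets, result labels, and sample requests are constructed assumptions.

```python
import re

# Assumed policy values for illustration; they are not ACE defaults.
MAX_URL_LEN = 64
MAX_HEADER_LEN = 128
ALLOWED_METHODS = {"GET", "HEAD", "POST"}            # RFC method filtering
BLOCKED_ENCODINGS = {"chunked"}                      # transfer-encoding match
ALLOWED_MIME = {"application/json", "application/x-www-form-urlencoded"}
HEADER_REGEX = {"user-agent": re.compile(r"(?i)badbot")}  # header regex match

# Constructed sample requests (not captured traffic).
SAMPLE_OK = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SAMPLE_BAD = (b"TRACE /" + b"a" * 80 + b" HTTP/1.1\r\n"
              b"Host: www.example.com\r\nUser-Agent: BadBot/1.0\r\n"
              b"Transfer-Encoding: chunked\r\nContent-Type: text/x-shellscript\r\n"
              b"\r\n5\r\nhello\r\n0\r\n\r\n")

def inspect_request(raw):
    """Return labels (hypothetical names) of the conditions the request hits."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ["rfc-compliance"]          # request line is not well formed
    method, url, _version = parts
    hits = []
    if method not in ALLOWED_METHODS:
        hits.append("request-method")
    if len(url) > MAX_URL_LEN:
        hits.append("url-length")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:                        # header line without a colon
            hits.append("rfc-compliance")
            continue
        if len(line) > MAX_HEADER_LEN:
            hits.append("header-length")
        headers[name.strip().lower()] = value.strip()
    for name, rx in HEADER_REGEX.items():
        if name in headers and rx.search(headers[name]):
            hits.append("header-regex:" + name)
    encodings = {e.strip().lower()
                 for e in headers.get("transfer-encoding", "").split(",")}
    if encodings & BLOCKED_ENCODINGS:
        hits.append("transfer-encoding")
    mime = headers.get("content-type", "").split(";")[0].strip().lower()
    if body and mime not in ALLOWED_MIME:  # content type verification
        hits.append("content-type")
    return hits
```
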
Use this procedure to configure a Layer 7 class map for deep packet inspection of HTTP traffic.

Assumption

You have configured a Layer 7 HTTP deep packet inspection class map and want to establish match conditions.

Procedure

Step 1  Choose Config > Devices > context > Expert > Class Maps.
        The Class Maps table appears.

Step 2  In the Class Maps table, choose the Layer 7 HTTP deep packet inspection class map that you want to set match conditions for.
        The Match Condition table appears.

Step 3  In the Match Condition table, click Add to add match criteria, or choose the match condition that you want to modify and click Edit.
        The Match Condition configuration window appears.

Step 4  In the Sequence Number field of the Match Condition configuration window, enter a value from 2 to 255 as the line number.
        The number entered here does not indicate a priority or sequence for the match conditions.

Step 5  In the Match Condition Type field, choose the method by which match decisions are to be made and configure condition-specific attributes as described in Table 14-7.