Filter
Top Products
17-59
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
HTTP Class and Policy Map (ASA 7.2+/PIX 7.2+) Add or Edit Match Condition (and Action) Dialog
Boxes
Use the Add or Edit HTTP Match Criterion (for HTTP class maps) or Match Condition and Action (for
HTTP policy maps) dialog boxes to do the following:
• Define the match criterion and value for an HTTP class map.
Description A description of the policy object. A maximum of 200 characters is
allowed.
Parameters tab
Body Match Maximum The maximum number of characters in the body of an HTTP message
that should be searched in a body match.
Tip A high value can have a significant impact on performance.
Check for protocol violations Whether to check for protocol violations.
Action The action to take based on the defined settings. You can drop, reset, or
log the connection.
Spoof Server Enables you to replace the server HTTP header value with the specified
string.
Match Condition and Action Tab
The Match All table lists the criteria included in the policy map. Each row indicates whether the
inspection is looking for traffic that matches or does not match each criterion, the criterion and value
that is inspected, and the action to be taken for traffic that satisfies the conditions.
• To add a criterion, click the Add button and fill in the Match Condition and Action dialog box (see
HTTP Class and Policy Map (ASA 7.2+/PIX 7.2+) Add or Edit Match Condition (and Action)
Dialog Boxes, page 17-59).
• To edit a criterion, select it and click the Edit button.
• To delete a criterion, select it and click the Delete button.
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.
Overrides: None Shows that no overrides exist on the device. You must manually set
overrides in order to change the display. For more information, see
Understanding Policy Object Overrides for Individual Devices,
page 6-17.
Note Selecting Allow Value Override per Device does not
automatically set overrides.
Table 17-35 Add and Edit HTTP Map Dialog Boxes (ASA 7.2+/PIX 7.2+) (Continued)
Element Description