Syntax Description

match-req-resp

(Optional) This command verifies the content type of the HTTP response against the accept field of the HTTP request.

action

Messages that match the specified content type are subject to the specified action (reset or allow).

reset

This keyword sends a TCP reset notification to the client or server if the HTTP message fails the mode inspection.

allow

This keyword forwards the packet through the firewall.

alarm

(Optional) This keyword generates system logging (syslog) messages for the given action.

If this command is not issued, all traffic will be allowed.


After the content-type-verification command is issued, all HTTP messages are subjected to the following inspections:

■ Verify that the content type of the message header is listed as a supported content type

■ Verify that the content type of the header matches the content of the message data or entity body portion of the message
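The inspections above, sketched in Python as an added example (not Cisco IOS code and not part of the original page). The function names, the supported-type list and the byte signatures are assumptions made for illustration, and the `match_req_resp` flag models the optional match-req-resp check of the response content type against the request's Accept field.

```python
# Added illustration of the inspections listed above; not Cisco IOS code.
# SUPPORTED and MAGIC are small constructed tables, not the router's real list.
SUPPORTED = {"text/html", "text/plain", "image/png", "image/gif", "application/pdf"}
MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "application/pdf": (b"%PDF-",),
}

def media_type(value):
    """Drop parameters such as charset or q and normalise case."""
    return value.split(";", 1)[0].strip().lower()

def body_matches(ctype, body):
    """Check the first bytes of the body against the declared type."""
    sigs = MAGIC.get(ctype)
    if sigs is None:
        # Types without a signature (text/*): the body must not start with
        # the signature of any other known type.
        return not any(body.startswith(s) for group in MAGIC.values() for s in group)
    return any(body.startswith(s) for s in sigs)

def accepted(ctype, accept_header):
    """match-req-resp: is the response type covered by the request's Accept?
    Quality values (q=) are ignored in this sketch."""
    if not accept_header:
        return True  # no Accept header: any response type is acceptable
    ranges = {media_type(item) for item in accept_header.split(",")}
    return bool(ranges & {"*/*", ctype, ctype.split("/")[0] + "/*"})

def inspect(accept_header, content_type, body, match_req_resp=False):
    """Return (verdict, reason); the configured action applies to a failure."""
    ctype = media_type(content_type)
    if ctype not in SUPPORTED:
        return ("fail", "unsupported content type")
    if not body_matches(ctype, body):
        return ("fail", "header does not match body")
    if match_req_resp and not accepted(ctype, accept_header):
        return ("fail", "response type not in request Accept")
    return ("pass", "ok")

if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # constructed sample body
    print(inspect("text/html", "image/png", png))                       # passes
    print(inspect("text/html", "image/png", png, match_req_resp=True))  # fails
    print(inspect("*/*", "image/gif", b"%PDF-1.7 ..."))                 # fails
```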

Step 6 Permit or deny HTTP traffic on the basis of the message header length.

router(cfg-appfw-policy-http)# max-header-length request bytes response bytes action {reset | allow} [alarm]
