Difference between revisions of "Netband Project - Zone based Firewall(ZFW)"
From Teknologisk videncenter
(→External links) |
(→External links) |
||
| Line 1: | Line 1: | ||
<accesscontrol>NetBand</accesscontrol> | <accesscontrol>NetBand</accesscontrol> | ||
This page is part of the [[Netband_Project|Netband Project]]<br/> | This page is part of the [[Netband_Project|Netband Project]]<br/> | ||
| + | ===HTTP Aplication inspection== | ||
| + | <pre>parameter-map type regex uri_regex_cm | ||
| + | pattern ..*cmd.exe. | ||
| + | pattern ..*sex. | ||
| + | pattern ..*gambling. | ||
| + | ! | ||
| + | class-map type inspect http match-all uri_check_cm | ||
| + | match request uri regex uri_regex_cm | ||
| + | ! | ||
| + | class-map type inspect match-any INSIDE-OUT-HTTP | ||
| + | match protocol http | ||
| + | ! | ||
| + | policy-map type inspect http uri_check_pm | ||
| + | class type inspect http uri_check_cm | ||
| + | reset | ||
| + | class class-default | ||
| + | ! | ||
| + | policy-map type inspect INSIDE-OUT-PMAP | ||
| + | class type inspect INSIDE-OUT-HTTP | ||
| + | inspect | ||
| + | service-policy http uri_check_pm | ||
| + | </pre> | ||
| + | |||
==External links== | ==External links== | ||
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml | http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml | ||
<br> | <br> | ||
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew.html | http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew.html | ||
Revision as of 09:15, 27 April 2009
<accesscontrol>NetBand</accesscontrol>
This page is part of the Netband Project
=HTTP Aplication inspection
parameter-map type regex uri_regex_cm pattern ..*cmd.exe. pattern ..*sex. pattern ..*gambling. ! class-map type inspect http match-all uri_check_cm match request uri regex uri_regex_cm ! class-map type inspect match-any INSIDE-OUT-HTTP match protocol http ! policy-map type inspect http uri_check_pm class type inspect http uri_check_cm reset class class-default ! policy-map type inspect INSIDE-OUT-PMAP class type inspect INSIDE-OUT-HTTP inspect service-policy http uri_check_pm
External links
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew.html