Filter
Top Products
7-27
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 7 Defining Signatures
Configuring Signatures
–
modify-packet-inline— Modifies packet data to remove ambiguity about what the end point
might do with the packet.
•
no—Removes an entry or selection setting
•
signature-type—Specifies the type of signature desired:
–
content-types—Content-types.
–
define-web-traffic-policy—Defines web traffic policy.
–
max-outstanding-requests-overrun—Inspects for large number of outstanding HTTP
requests.
–
msg-body-pattern—Message body pattern.
–
request-methods—Signature types that deal with request methods.
–
transfer-encodings—Signature types that deal with transfer encodings.
Defining a MIME-Type Policy Signature
To define a MIME-type policy signature, follow these steps:
Step 1
Log in to the CLI using an account with administrator or operator privileges.
Step 2
Enter application policy enforcement submode.
sensor# configure terminal
sensor(config)# service signature-definition sig1
sensor(config-sig)# signatures 60001 0
sensor(config-sig-sig)# engine application-policy-enforcement-http
Step 3
Specify the event action.
sensor(config-sig-sig-app)# event-action produce-alert|log-pair-packets
Step 4
Define the signature type.
sensor(config-sig-sig-app)# signature-type content-type define-content-type
Step 5
Define the content type.
sensor(config-sig-sig-app-def)# name MyContent
Step 6
Verify your settings.
sensor(config-sig-sig-app-def)# show settings
-> define-content-type
-----------------------------------------------
name: MyContent
*---> content-type-details
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
sensor(config-sig-sig-app-def)#
Step 7
Exit signatures submode.
sensor(config-sig-sig-app-def)# exit
sensor(config-sig-sig-app)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]: