B-12
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Appendix B Signature Engines
AIC Engine
•
FTP traffic:
–
FTP command authorization and enforcement
Table B-5 lists the parameters that are specific to the AIC HTTP engine.
Table B-5 AIC HTTP Engine Parameters
Parameter Description
signature-type Specifies the type of AIC signature.
•
content-types
•
define-web-traffic-policy
•
max-outstanding-requests-overrun
•
max-outstanding-requests-overrun
•
msg-body-pattern
•
request-methods
•
transfer-encodings
content-types Specifies the AIC signature that
deals with MIME types:
•
define-content-type—Associates
actions such as denying a
specific MIME type
(image/gif), defining a
message-size violation, and
determining that the
MIME-type mentioned in the
header and body do not match.
•
define-recognized-content-types
—Lists the content types
recognized by the sensor.
—
define-web-traffic-policy Specifies the action to take when
noncompliant HTTP traffic is seen.
The alarm-on-non-http-traffic
{true | false} command enables the
signature. This signature is disabled
by default.
—
max-outstanding-requests
-overrun
Specifies the maximum allowed
HTTP requests per connection.
1 - 16
msg-body-pattern Uses Regex to define signatures
that look for specific patterns in the
message body:
•
regex-list—
•
regex-list-in-order—
—