Cisco Systems IPS4510K9 Home Security System User Manual


 
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Appendix B Signature Engines
Service Engines
Before an HTTP packet can be inspected, the data must be deobfuscated or normalized to the same
representation that the target system sees when it processes the data. It is ideal to have a customized
decoding technique for each host target type, which involves knowing what operating system and web
server version is running on the target. The Service HTTP engine has default deobfuscation behavior for
the Microsoft IIS web server.
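The following added example (not from the Cisco guide, and not the sensor's actual algorithm) shows why a signature regex has to run on the normalized form of a URI rather than on the raw bytes. The decoding steps (percent and %uXXXX decoding, backslash-to-slash conversion, dot-segment removal), the function names, the regex, and the sample URIs are all assumptions constructed for illustration.

```python
import posixpath
import re

# Constructed signature: a URI regex that should fire on requests for this path.
URI_REGEX = re.compile(r"^/admin/config\.bak$", re.IGNORECASE)

_PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")   # IIS-style %uXXXX encoding
_PCT = re.compile(r"%([0-9a-fA-F]{2})")      # standard percent-encoding


def deobfuscate(uri: str, max_passes: int = 3) -> str:
    """Reduce a raw request URI path to one canonical form (illustrative steps)."""
    for _ in range(max_passes):           # repeat to unwrap double encoding
        decoded = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)), uri)
        decoded = _PCT.sub(lambda m: chr(int(m.group(1), 16)), decoded)
        if decoded == uri:
            break
        uri = decoded
    uri = uri.replace("\\", "/")          # treat backslash as a path separator
    uri = re.sub(r"/{2,}", "/", uri)      # collapse repeated slashes
    return posixpath.normpath(uri)        # resolve "." and ".." segments


def inspect(uri: str, de_obfuscate: bool = True) -> bool:
    """Return True if the signature regex matches the (optionally normalized) URI."""
    candidate = deobfuscate(uri) if de_obfuscate else uri
    return URI_REGEX.search(candidate) is not None


# Constructed sample requests: each one resolves to /admin/config.bak
# on a target that applies the decoding steps above.
SAMPLES = [
    "/admin/config.bak",
    "/%61dmin/config.bak",
    "/admin/%2563onfig.bak",       # double-encoded: %25 -> %, then %63 -> c
    "/%u0061dmin/config.bak",
    "/admin\\config.bak",
    "/admin/./x/../config.bak",
    "//admin///config.bak",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} raw={inspect(s, False)!s:5} normalized={inspect(s, True)}")
```

Only the first sample matches when the regex runs on the raw URI; all seven match after normalization. A target that decodes only once would not resolve the double-encoded sample to the same path, which is why the decoding is ideally matched to the target's web server.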
Table B-22 lists the parameters specific to the Service HTTP engine.
Table B-22 Service HTTP Engine Parameters

| Parameter | Description | Value |
|---|---|---|
| de-obfuscate | Applies anti-evasive deobfuscation before searching. | true \| false |
| max-field-sizes | Enables maximum field sizes grouping. | |
| specify-max-arg-field-length {yes \| no} | (Optional) Enables maximum argument field length: max-arg-field-length—Specifies the maximum length of the arguments field. | 0 to 65535 |
| specify-max-header-field-length {yes \| no} | (Optional) Enables maximum header field length: max-header-field-length—Specifies the maximum length of the header field. | 0 to 65535 |
| specify-max-request-length {yes \| no} | (Optional) Enables maximum request field length: max-request-length—Specifies the maximum length of the request field. | 0 to 65535 |
| specify-max-uri-field-length {yes \| no} | (Optional) Enables the maximum URI field length: max-uri-field-length—Specifies the maximum length of the URI field. | 0 to 65535 |
| regex | Enables regular expression grouping. | |
| specify-arg-name-regex {yes \| no} | (Optional) Enables searching the Arguments field for a specific regular expression: arg-name-regex—Specifies the regular expression to search for in the HTTP Arguments field (after the ? and in the Entity body as defined by Content-Length). | |
| specify-header-regex {yes \| no} | (Optional) Enables searching the Header field for a specific regular expression: header-regex—Specifies the regular expression to search in the HTTP Header field. Note: The Header is defined after the first CRLF and continues until CRLFCRLF. | |