Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Configuring Signatures
The following options apply:

  ftp-enable {true | false}—Enables protection for FTP services. Set to true to require the sensor to inspect FTP traffic. The default is false.

  http-policy—Enables inspection of HTTP traffic:

    aic-web-ports—Specifies the variable for the ports on which to look for AIC traffic. The value is a comma-separated list of integer ranges a-b[,c-d]. The valid range is 0 to 65535, and the second number in each range must be greater than or equal to the first number. The default is 80-80,3128-3128,8000-8000,8010-8010,8080-8080,8888-8888,24326-24326.

    http-enable {true | false}—Enables protection for web services. Set to true to require the sensor to inspect HTTP traffic for compliance with the RFC. The default is false.

    max-outstanding-http-requests-per-connection—Specifies the maximum allowed HTTP requests per connection. The valid value is 1 to 16. The default is 10.

Configuring the Application Policy
To configure the application policy, follow these steps:

Step 1 Log in to the CLI using an account with administrator or operator privileges.

Step 2 Enter application policy submode.

    sensor# configure terminal
    sensor(config)# service signature-definition sig1
    sensor(config-sig)# application-policy

Step 3 Enable inspection of FTP traffic.

    sensor(config-sig-app)# ftp-enable true

Step 4 Configure the HTTP application policy:

  a. Enter HTTP application policy submode.

    sensor(config-sig-app)# http-policy

  b. Enable HTTP application policy enforcement.

    sensor(config-sig-app-htt)# http-enable true

  c. Specify the number of HTTP requests per connection that can be outstanding without a response having been received from the server.

    sensor(config-sig-app-htt)# max-outstanding-http-requests-per-connection 5

  d. Edit the AIC ports.

    sensor(config-sig-app-htt)# aic-web-ports 80-80,3128-3128

Step 5 Verify your settings.

    sensor(config-sig-app-htt)# exit
    sensor(config-sig-app)# show settings
    application-policy
    -----------------------------------------------
    http-policy
    -----------------------------------------------
    http-enable: true default: false
    max-outstanding-http-requests-per-connection: 5 default: 10
    aic-web-ports: 80-80,3128-3128 default: 80-80,3128-3128,8000-8000,8010-8010,8080-8080,8888-8888,24326-24326
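
A pre-change check for the values entered in Steps 4c and 4d, added here as a Python example; it is not part of the Cisco guide or the sensor software, and all function names are hypothetical. It validates an aic-web-ports string against the range rules listed in the options above and reports which ports from the default list the new value no longer includes.

```python
import re

# Default aic-web-ports value, as listed in the guide.
DEFAULT_AIC_WEB_PORTS = (
    "80-80,3128-3128,8000-8000,8010-8010,8080-8080,8888-8888,24326-24326"
)
_RANGE = re.compile(r"([0-9]+)-([0-9]+)")


def parse_port_ranges(value):
    """Parse 'a-b[,c-d]' into (low, high) tuples, enforcing the documented
    rules: integers within 0-65535 and high >= low in every range."""
    ranges = []
    for item in value.split(","):
        match = _RANGE.fullmatch(item)
        if match is None:
            raise ValueError(f"not an a-b range: {item!r}")
        low, high = int(match.group(1)), int(match.group(2))
        if high > 65535:
            raise ValueError(f"port above 65535: {item!r}")
        if high < low:
            raise ValueError(f"second number below first: {item!r}")
        ranges.append((low, high))
    return ranges


def expand(ranges):
    """Return the set of individual ports covered by the ranges."""
    return {port for low, high in ranges for port in range(low, high + 1)}


def dropped_default_ports(new_value, default=DEFAULT_AIC_WEB_PORTS):
    """Default AIC ports that the proposed list no longer covers."""
    kept = expand(parse_port_ranges(new_value))
    return sorted(expand(parse_port_ranges(default)) - kept)


def check_max_outstanding(value):
    """Validate max-outstanding-http-requests-per-connection (1 to 16)."""
    if not 1 <= value <= 16:
        raise ValueError(f"must be 1 to 16, got {value}")
    return value


if __name__ == "__main__":
    proposed = "80-80,3128-3128"  # value used in Step 4d
    check_max_outstanding(5)      # value used in Step 4c
    print("ranges:", parse_port_ranges(proposed))
    print("default ports no longer listed:", dropped_default_ports(proposed))
```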