B-12
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
AIC Engine
• FTP traffic:
–
FTP command authorization and enforcement
Table B-5 lists the parameters that are specific to the AIC HTTP engine.
Table B-5 AIC HTTP Engine Parameters
Parameter Description
signature-type Specifies the type of AIC signature.
• content-types
• define-web-traffic-policy
• max-outstanding-requests-ove
rrun
• max-outstanding-requests-ove
rrun
• msg-body-pattern
• request-methods
• transfer-encodings
•
content-types Specifies the AIC signature that deals with
MIME types:
• define-content-type—Associates
actions such as denying a specific
MIME type (image/gif), defining a
message-size violation, and
determining that the MIME-type
mentioned in the header and body do
not match.
• define-recognized-content-types—Lists
the content types recognized by the
sensor.
—
define-web-traffic-poli
cy
Specifies the action to take when
noncompliant HTTP traffic is seen. The
alarm-on-non-http-traffic {true | false}
command enables the signature. This
signature is disabled by default.
—
max-outstanding-requ
ests-overrun
Specifies the maximum allowed HTTP
requests per connection.
1 - 16
msg-body-pattern Uses Regex to define signatures that look
for specific patterns in the message body:
• regex-list—
• regex-list-in-order—
—