Imram,
I did something like this in one of the volume 2 labs. But I can't remember which lab. I showed how to change the server name for the XP workstation default website. So you could use your test workstation to try to spoof information because you have access to edit the files in windows. But for IOS you wouldn't be able to change it. BGP has a regex test for testing regex expressions But I am not aware of one for the parameter-maps in IOS. If there is one I don't know it. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: <mailto:[email protected]> [email protected] Join our free online support and peer group communities: <http://www.ipexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: [email protected] [mailto:[email protected]] On Behalf Of imran mohammed Sent: Friday, October 23, 2009 3:38 AM To: Cisco certification; OSL CCIE Security Lab Exam Subject: [OSL | CCIE_Security] ZWF http response match Hi all, Iam trying to match sever feild in the http response header if I see cisco-IOS (for cisco IOS http server) the connection should get reset here is my config parameter-map type regex IMRAN pattern cisco-IOS class-map type inspect http match-all HTTP_TRAFFIC match response header server regex IMRAN policy-map type inspect http PMAP_DMZ_TO_SERVER class type inspect http HTTP_TRAFFIC reset class-map type inspect match-any CMAP_DMZ_TO_OUTSIDE match protocol http policy-map type inspect PMAP_DMZ_TO_OUTSIDE class type inspect CMAP_DMZ_TO_OUTSIDE inspect service-policy http PMAP_DMZ_TO_SERVER class class-default zone security ZONE_INSIDE zone security ZONE_OUTSIDE zone security ZONE_DMZ zone-pair security DMZ_TO_OUTSIDE source ZONE_DMZ destination ZONE_OUTSIDE service-policy type inspect PMAP_DMZ_TO_OUTSIDE In ASA after creating regex we can test the regex is there anything similar in cisco IOS.Can some one provide me a doc where i can see examples for layer 7 policies in IOS ZWF. Once this works.I want to try to change the content of the server feild (basically to spoof the server) How to do that ? Regards Imran
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
