That didnt work. parameter-map type regex HEADER pattern ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS
class-map type inspect http match-all HTTP_TRAFFIC match response header server regex HEADER If i just give the command "match response header server" it works the action is specify and i alos see a log generating.it doesnt work with regex. Regards Imran On Fri, Oct 23, 2009 at 6:53 PM, Piotr Matusiak <[email protected]> wrote: > Hi, > > This not work simply because you used slightly wrong pattern to match the > header field. > In HTTP header the server field looks like: > Server: cisco-IOS\r\n > > So ZBFW must match packets using the following regex string: > ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS > > There is a space between "Server" and "cisco-IOS" so the correct pattern > looks like: > pattern ".*cisco-IOS" > > HTH, > -- > Piotr Matusiak > CCIE #19860 (R&S, SEC) > Technical Instructor > MicronicsTraining.com > > “If you can't explain it simply, you don't understand it well enough” - > Albert Einstein > > > 2009/10/23 imran mohammed <[email protected]> > > Hi all, >> >> Iam trying to match sever feild in the http response header if I see >> cisco-IOS (for cisco IOS http server) the connection should get reset here >> is my config >> >> parameter-map type regex IMRAN >> pattern cisco-IOS >> >> >> >> class-map type inspect http match-all HTTP_TRAFFIC >> match response header server regex IMRAN >> policy-map type inspect http PMAP_DMZ_TO_SERVER >> class type inspect http HTTP_TRAFFIC >> reset >> class-map type inspect match-any CMAP_DMZ_TO_OUTSIDE >> match protocol http >> >> policy-map type inspect PMAP_DMZ_TO_OUTSIDE >> class type inspect CMAP_DMZ_TO_OUTSIDE >> inspect >> service-policy http PMAP_DMZ_TO_SERVER >> class class-default >> >> >> >> >> zone security ZONE_INSIDE >> zone security ZONE_OUTSIDE >> zone security ZONE_DMZ >> >> zone-pair security DMZ_TO_OUTSIDE source ZONE_DMZ destination ZONE_OUTSIDE >> service-policy type inspect PMAP_DMZ_TO_OUTSIDE >> >> In ASA after creating regex we can test the regex is there anything >> similar >> in cisco IOS.Can some one provide me a doc where i can see examples for >> layer 7 policies in IOS ZWF. >> >> Once this works.I want to try to change the content of the server feild >> (basically to spoof the server) How to do that ? >> >> >> Regards >> Imran >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
