Hey I think my mind is totally out now.Can you just put the whole command so that i can copy n paste.Sorry for that.
Regards imran On Fri, Oct 23, 2009 at 7:35 PM, Piotr Matusiak <[email protected]> wrote: > I said you should use pattern of: pattern ".*cisco-IOS" > > > -- > Piotr Matusiak > CCIE #19860 (R&S, SEC) > Technical Instructor > MicronicsTraining.com > > “If you can't explain it simply, you don't understand it well enough” - > Albert Einstein > > > 2009/10/23 imran mohammed <[email protected]> > >> That didnt work. >> >> parameter-map type regex HEADER >> pattern ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS >> >> >> >> class-map type inspect http match-all HTTP_TRAFFIC >> match response header server regex HEADER >> >> If i just give the command "match response header server" it works the >> action is specify and i alos see a log generating.it doesnt work with >> regex. >> >> Regards >> Imran >> On Fri, Oct 23, 2009 at 6:53 PM, Piotr Matusiak <[email protected]> wrote: >> >>> Hi, >>> >>> This not work simply because you used slightly wrong pattern to match the >>> header field. >>> In HTTP header the server field looks like: >>> Server: cisco-IOS\r\n >>> >>> So ZBFW must match packets using the following regex string: >>> ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS >>> >>> There is a space between "Server" and "cisco-IOS" so the correct pattern >>> looks like: >>> pattern ".*cisco-IOS" >>> >>> HTH, >>> -- >>> Piotr Matusiak >>> CCIE #19860 (R&S, SEC) >>> Technical Instructor >>> MicronicsTraining.com >>> >>> “If you can't explain it simply, you don't understand it well enough” - >>> Albert Einstein >>> >>> >>> 2009/10/23 imran mohammed <[email protected]> >>> >>> Hi all, >>>> >>>> Iam trying to match sever feild in the http response header if I see >>>> cisco-IOS (for cisco IOS http server) the connection should get reset >>>> here >>>> is my config >>>> >>>> parameter-map type regex IMRAN >>>> pattern cisco-IOS >>>> >>>> >>>> >>>> class-map type inspect http match-all HTTP_TRAFFIC >>>> match response header server regex IMRAN >>>> policy-map type inspect http PMAP_DMZ_TO_SERVER >>>> class type inspect http HTTP_TRAFFIC >>>> reset >>>> class-map type inspect match-any CMAP_DMZ_TO_OUTSIDE >>>> match protocol http >>>> >>>> policy-map type inspect PMAP_DMZ_TO_OUTSIDE >>>> class type inspect CMAP_DMZ_TO_OUTSIDE >>>> inspect >>>> service-policy http PMAP_DMZ_TO_SERVER >>>> class class-default >>>> >>>> >>>> >>>> >>>> zone security ZONE_INSIDE >>>> zone security ZONE_OUTSIDE >>>> zone security ZONE_DMZ >>>> >>>> zone-pair security DMZ_TO_OUTSIDE source ZONE_DMZ destination >>>> ZONE_OUTSIDE >>>> service-policy type inspect PMAP_DMZ_TO_OUTSIDE >>>> >>>> In ASA after creating regex we can test the regex is there anything >>>> similar >>>> in cisco IOS.Can some one provide me a doc where i can see examples for >>>> layer 7 policies in IOS ZWF. >>>> >>>> Once this works.I want to try to change the content of the server feild >>>> (basically to spoof the server) How to do that ? >>>> >>>> >>>> Regards >>>> Imran >>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
