LOL, here it is: parameter-map type regex IMRAN no pattern cisco-IOS pattern ".*cisco-IOS"
-- Piotr Matusiak CCIE #19860 (R&S, SEC) Technical Instructor MicronicsTraining.com “If you can't explain it simply, you don't understand it well enough” - Albert Einstein 2009/10/23 imran mohammed <[email protected]> > Hey I think my mind is totally out now.Can you just put the whole command > so that i can copy n paste.Sorry for that. > > Regards > imran > > > On Fri, Oct 23, 2009 at 7:35 PM, Piotr Matusiak <[email protected]> wrote: > >> I said you should use pattern of: pattern ".*cisco-IOS" >> >> >> -- >> Piotr Matusiak >> CCIE #19860 (R&S, SEC) >> Technical Instructor >> MicronicsTraining.com >> >> “If you can't explain it simply, you don't understand it well enough” - >> Albert Einstein >> >> >> 2009/10/23 imran mohammed <[email protected]> >> >>> That didnt work. >>> >>> parameter-map type regex HEADER >>> pattern ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS >>> >>> >>> class-map type inspect http match-all HTTP_TRAFFIC >>> match response header server regex HEADER >>> >>> If i just give the command "match response header server" it works the >>> action is specify and i alos see a log generating.it doesnt work with >>> regex. >>> >>> Regards >>> Imran >>> On Fri, Oct 23, 2009 at 6:53 PM, Piotr Matusiak <[email protected]> wrote: >>> >>>> Hi, >>>> >>>> This not work simply because you used slightly wrong pattern to match >>>> the header field. >>>> In HTTP header the server field looks like: >>>> Server: cisco-IOS\r\n >>>> >>>> So ZBFW must match packets using the following regex string: >>>> ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS >>>> >>>> There is a space between "Server" and "cisco-IOS" so the correct pattern >>>> looks like: >>>> pattern ".*cisco-IOS" >>>> >>>> HTH, >>>> -- >>>> Piotr Matusiak >>>> CCIE #19860 (R&S, SEC) >>>> Technical Instructor >>>> MicronicsTraining.com >>>> >>>> “If you can't explain it simply, you don't understand it well enough” - >>>> Albert Einstein >>>> >>>> >>>> 2009/10/23 imran mohammed <[email protected]> >>>> >>>> Hi all, >>>>> >>>>> Iam trying to match sever feild in the http response header if I see >>>>> cisco-IOS (for cisco IOS http server) the connection should get reset >>>>> here >>>>> is my config >>>>> >>>>> parameter-map type regex IMRAN >>>>> pattern cisco-IOS >>>>> >>>>> >>>>> >>>>> class-map type inspect http match-all HTTP_TRAFFIC >>>>> match response header server regex IMRAN >>>>> policy-map type inspect http PMAP_DMZ_TO_SERVER >>>>> class type inspect http HTTP_TRAFFIC >>>>> reset >>>>> class-map type inspect match-any CMAP_DMZ_TO_OUTSIDE >>>>> match protocol http >>>>> >>>>> policy-map type inspect PMAP_DMZ_TO_OUTSIDE >>>>> class type inspect CMAP_DMZ_TO_OUTSIDE >>>>> inspect >>>>> service-policy http PMAP_DMZ_TO_SERVER >>>>> class class-default >>>>> >>>>> >>>>> >>>>> >>>>> zone security ZONE_INSIDE >>>>> zone security ZONE_OUTSIDE >>>>> zone security ZONE_DMZ >>>>> >>>>> zone-pair security DMZ_TO_OUTSIDE source ZONE_DMZ destination >>>>> ZONE_OUTSIDE >>>>> service-policy type inspect PMAP_DMZ_TO_OUTSIDE >>>>> >>>>> In ASA after creating regex we can test the regex is there anything >>>>> similar >>>>> in cisco IOS.Can some one provide me a doc where i can see examples for >>>>> layer 7 policies in IOS ZWF. >>>>> >>>>> Once this works.I want to try to change the content of the server feild >>>>> (basically to spoof the server) How to do that ? >>>>> >>>>> >>>>> Regards >>>>> Imran >>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
