WOW this one worked parameter-map type regex HEADER pattern .*cisco-IOS Thanks alot
Imran On Fri, Oct 23, 2009 at 7:43 PM, Piotr Matusiak <[email protected]> wrote: > LOL, here it is: > > > parameter-map type regex IMRAN > no pattern cisco-IOS > > pattern ".*cisco-IOS" > > > -- > Piotr Matusiak > CCIE #19860 (R&S, SEC) > Technical Instructor > MicronicsTraining.com > > “If you can't explain it simply, you don't understand it well enough” - > Albert Einstein > > > 2009/10/23 imran mohammed <[email protected]> > >> Hey I think my mind is totally out now.Can you just put the whole command >> so that i can copy n paste.Sorry for that. >> >> Regards >> imran >> >> >> On Fri, Oct 23, 2009 at 7:35 PM, Piotr Matusiak <[email protected]> wrote: >> >>> I said you should use pattern of: pattern ".*cisco-IOS" >>> >>> >>> -- >>> Piotr Matusiak >>> CCIE #19860 (R&S, SEC) >>> Technical Instructor >>> MicronicsTraining.com >>> >>> “If you can't explain it simply, you don't understand it well enough” - >>> Albert Einstein >>> >>> >>> 2009/10/23 imran mohammed <[email protected]> >>> >>>> That didnt work. >>>> >>>> parameter-map type regex HEADER >>>> pattern ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS >>>> >>>> >>>> >>>> class-map type inspect http match-all HTTP_TRAFFIC >>>> match response header server regex HEADER >>>> >>>> If i just give the command "match response header server" it works the >>>> action is specify and i alos see a log generating.it doesnt work with >>>> regex. >>>> >>>> Regards >>>> Imran >>>> On Fri, Oct 23, 2009 at 6:53 PM, Piotr Matusiak <[email protected]>wrote: >>>> >>>>> Hi, >>>>> >>>>> This not work simply because you used slightly wrong pattern to match >>>>> the header field. >>>>> In HTTP header the server field looks like: >>>>> Server: cisco-IOS\r\n >>>>> >>>>> So ZBFW must match packets using the following regex string: >>>>> ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS >>>>> >>>>> There is a space between "Server" and "cisco-IOS" so the correct >>>>> pattern looks like: >>>>> pattern ".*cisco-IOS" >>>>> >>>>> HTH, >>>>> -- >>>>> Piotr Matusiak >>>>> CCIE #19860 (R&S, SEC) >>>>> Technical Instructor >>>>> MicronicsTraining.com >>>>> >>>>> “If you can't explain it simply, you don't understand it well enough” - >>>>> Albert Einstein >>>>> >>>>> >>>>> 2009/10/23 imran mohammed <[email protected]> >>>>> >>>>> Hi all, >>>>>> >>>>>> Iam trying to match sever feild in the http response header if I see >>>>>> cisco-IOS (for cisco IOS http server) the connection should get reset >>>>>> here >>>>>> is my config >>>>>> >>>>>> parameter-map type regex IMRAN >>>>>> pattern cisco-IOS >>>>>> >>>>>> >>>>>> >>>>>> class-map type inspect http match-all HTTP_TRAFFIC >>>>>> match response header server regex IMRAN >>>>>> policy-map type inspect http PMAP_DMZ_TO_SERVER >>>>>> class type inspect http HTTP_TRAFFIC >>>>>> reset >>>>>> class-map type inspect match-any CMAP_DMZ_TO_OUTSIDE >>>>>> match protocol http >>>>>> >>>>>> policy-map type inspect PMAP_DMZ_TO_OUTSIDE >>>>>> class type inspect CMAP_DMZ_TO_OUTSIDE >>>>>> inspect >>>>>> service-policy http PMAP_DMZ_TO_SERVER >>>>>> class class-default >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> zone security ZONE_INSIDE >>>>>> zone security ZONE_OUTSIDE >>>>>> zone security ZONE_DMZ >>>>>> >>>>>> zone-pair security DMZ_TO_OUTSIDE source ZONE_DMZ destination >>>>>> ZONE_OUTSIDE >>>>>> service-policy type inspect PMAP_DMZ_TO_OUTSIDE >>>>>> >>>>>> In ASA after creating regex we can test the regex is there anything >>>>>> similar >>>>>> in cisco IOS.Can some one provide me a doc where i can see examples >>>>>> for >>>>>> layer 7 policies in IOS ZWF. >>>>>> >>>>>> Once this works.I want to try to change the content of the server >>>>>> feild >>>>>> (basically to spoof the server) How to do that ? >>>>>> >>>>>> >>>>>> Regards >>>>>> Imran >>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
