Yeah even that works well, got another way.. Thanks a lot.

Regards
Imran

On Fri, Oct 23, 2009 at 11:31 PM, Tyson Scott <[email protected]> wrote:
> You can actually simplify that to
> ^Server: cisco-IOS
> Or
> ^Server:\tcisco-IOS
>
> I am not sure if that is a tab or a space in the output
>
> [sS] just means it will match it if it is upper or lower case.
>
> As shown below we know the case so we don't have to account for variations.
>
> .* means any character 0 or more instances.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
> Cell: +1.248.504.7309
> Fax: +1.810.454.0130
> Mailto: [email protected]
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Piotr Matusiak
> Sent: Friday, October 23, 2009 9:24 AM
> To: imran mohammed
> Cc: Cisco certification; OSL CCIE Security Lab Exam
> Subject: Re: ZWF http response match
>
> Hi,
>
> This does not work simply because you used a slightly wrong pattern to match the
> header field.
> In the HTTP header the server field looks like:
> Server: cisco-IOS\r\n
>
> So ZBFW must match packets using the following regex string:
> ^[Ss][Ee][Rr][Vv][Ee][Rr]:.*cisco-IOS
>
> There is a space between "Server" and "cisco-IOS" so the correct pattern
> looks like:
> pattern ".*cisco-IOS"
>
> HTH,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, SEC)
> Technical Instructor
> MicronicsTraining.com
>
> If you can't explain it simply, you don't understand it well enough -
> Albert Einstein
>
> 2009/10/23 imran mohammed <[email protected]>
>
> > Hi all,
> >
> > I am trying to match the server field in the http response header; if I see
> > cisco-IOS (for cisco IOS http server) the connection should get reset. Here
> > is my config:
> >
> > parameter-map type regex IMRAN
> >  pattern cisco-IOS
> >
> > class-map type inspect http match-all HTTP_TRAFFIC
> >  match response header server regex IMRAN
> > policy-map type inspect http PMAP_DMZ_TO_SERVER
> >  class type inspect http HTTP_TRAFFIC
> >   reset
> > class-map type inspect match-any CMAP_DMZ_TO_OUTSIDE
> >  match protocol http
> >
> > policy-map type inspect PMAP_DMZ_TO_OUTSIDE
> >  class type inspect CMAP_DMZ_TO_OUTSIDE
> >   inspect
> >   service-policy http PMAP_DMZ_TO_SERVER
> >  class class-default
> >
> > zone security ZONE_INSIDE
> > zone security ZONE_OUTSIDE
> > zone security ZONE_DMZ
> >
> > zone-pair security DMZ_TO_OUTSIDE source ZONE_DMZ destination ZONE_OUTSIDE
> >  service-policy type inspect PMAP_DMZ_TO_OUTSIDE
> >
> > In ASA, after creating a regex we can test the regex; is there anything similar
> > in cisco IOS? Can someone provide me a doc where I can see examples for
> > layer 7 policies in IOS ZWF?
> >
> > Once this works, I want to try to change the content of the server field
> > (basically to spoof the server). How to do that?
> >
> > Regards
> > Imran
