Hi all,

If there is a task asking to configure the IPS sensor to detect HTTP traffic that is not RFC compliant, then what should the solution be?

Should I just enable AIC HTTP at the path *Configuration > Policies > Signature Definitions > sig0 > All Signatures > Advanced > Miscellaneous > HTTP Policy > Enable HTTP > Yes*, or enable HTTP AIC and configure a sig by selecting the type *"Define Web Traffic Policy"* and selecting *"Yes"* for *"alarm on Non-HTTP traffic"*?

I need to verify it. Can someone let me know a simple way to generate non-compliant RFC HTTP traffic, to check whether it is enough to just enable AIC HTTP to detect non-compliant RFC traffic? Please don't tell me to telnet to port 80. I am aware of that :-) I need something like an HTTP request without "get". This I can't simulate in the lab. Is there any other method that can be simulated in the lab?

*Snippet from Help page*

Configuration > Policies > Signature Definitions > sig0 > All Signatures > Advanced > Miscellaneous > Help

Fields

The following fields are found on the Miscellaneous tab:

- Application Policy—Lets you configure application policy enforcement.
- Enable HTTP—Enables protection for web services. Check the Yes check box to require the sensor to inspect HTTP traffic for compliance with the RFC.
- Max HTTP Requests—Specifies the maximum number of outstanding HTTP requests per connection.
- AIC Web Ports—Specifies the variable for ports to look for AIC traffic.
- Enable FTP—Enables protection for web services. Check the Yes check box to require the sensor to inspect FTP traffic.

With regards,
Kings
