According to the link, "Arg Name Regex" its for matching argument in the entity
body
The entity body is obtained from the message body :
RFC 2616 -
4.3 Message Body
The message-body (if any) of an HTTP message is used to carry the
entity-body associated with the request or response. The message-body
differs from the entity-body only when a transfer-coding has been
applied, as indicated by the Transfer-Encoding header field (section
14.41).
message-body = entity-body
| <entity-body encoded as per Transfer-Encoding>
So you cannot match Host field....
Maybe i am wrong...i did not check it...
Regards,
Meytal
-----Original Message-----
From: [email protected] on behalf of Kingsley Charles
Sent: Fri 4/8/2011 9:31 AM
To: [email protected]
Subject: [OSL | CCIE_Security] Service HTTP Signature
Hi all
I configured a service http signature with specify-arg-name-regex defined as
following but it didn't fire.
Arg Name Regex = Host:
Arg Value regex = 10.20.30.40
When I configure service http signature with "specify-request-regex" of any
argument in the HTTP header, it fires.
Can someone let me know, the use of "specify-arg-name-regex"?
Snippet from
http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/idm/dmSgEng.html#wp1055656
specify-arg-name-regex
(Optional) Enables searching the Arguments field for a specific regular
expression:
.arg-name-regex-Regular expression to search for in the HTTP Arguments field
(after the ? and in the Entity body as defined by Content-Length).
specify-request-regex
(Optional) Enables searching the Request field for a specific regular
expression:
.request-regex-Regular expression to search in both HTTP URI and HTTP
Argument fields.
.specify-min-request-match-length-Enables setting a minimum request match
length.
With regards
Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
