Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Configuring Signatures
modify-packet-inline—Modifies packet data to remove ambiguity about what the end point might do with the packet.
no—Removes an entry or selection setting.
signature-type—Specifies the type of signature desired:
    content-types—Content-types.
    define-web-traffic-policy—Defines web traffic policy.
    max-outstanding-requests-overrun—Inspects for large number of outstanding HTTP requests.
    msg-body-pattern—Message body pattern.
    request-methods—Signature types that deal with request methods.
    transfer-encodings—Signature types that deal with transfer encodings.

Defining a MIME-Type Policy Signature

To define a MIME-type policy signature, follow these steps:

Step 1 Log in to the CLI using an account with administrator or operator privileges.

Step 2 Enter application policy enforcement submode.
    sensor# configure terminal
    sensor(config)# service signature-definition sig1
    sensor(config-sig)# signatures 60001 0
    sensor(config-sig-sig)# engine application-policy-enforcement-http

Step 3 Specify the event action.
    sensor(config-sig-sig-app)# event-action produce-alert|log-pair-packets

Step 4 Define the signature type.
    sensor(config-sig-sig-app)# signature-type content-type define-content-type

Step 5 Define the content type.
    sensor(config-sig-sig-app-def)# name MyContent

Step 6 Verify your settings.
    sensor(config-sig-sig-app-def)# show settings
    -> define-content-type
    -----------------------------------------------
    name: MyContent
    *---> content-type-details
    -----------------------------------------------
    -----------------------------------------------
    -----------------------------------------------
    sensor(config-sig-sig-app-def)#

Step 7 Exit signatures submode.
    sensor(config-sig-sig-app-def)# exit
    sensor(config-sig-sig-app)# exit
    sensor(config-sig-sig)# exit
    sensor(config-sig)# exit
    Apply Changes:?[yes]: