21-6
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 21 Using Modular Policy Framework
Configuring Special Actions for Application Inspections
Some traffic matching commands can specify regular expressions to match text inside a packet. Be sure
to create and test the regular expressions before you configure the policy map, either singly or grouped
together in a regular expression class map.
The default inspection policy map configuration includes the following commands, which set the
maximum message length for DNS packets to 512 bytes:
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
Note There are other default inspection policy maps, such as policy-map type inspect esmtp _default_esmtp_map. These default policy maps are created implicitly by the command inspect protocol. For example, inspect esmtp implicitly uses the policy map “_default_esmtp_map.” All the default policy maps can be shown by using the show running-config all policy-map command.
This section describes how to create additional inspection policy maps, and includes the following
topics:
• Creating a Regular Expression, page 21-6
• Creating a Regular Expression Class Map, page 21-8
• Identifying Traffic in an Inspection Class Map, page 21-9
• Defining Actions in an Inspection Policy Map, page 21-10
Creating a Regular Expression
A regular expression matches text strings either literally as an exact string, or by using metacharacters
so you can match multiple variants of a text string. You can use a regular expression to match the content
of certain application traffic; for example, you can match a URL string inside an HTTP packet.
Use Ctrl+V to escape special characters in the CLI, such as the question mark (?) or a tab, so that the CLI does not interpret them (for example, ? would otherwise invoke command help). For
example, type d[Ctrl+V]?g to enter d?g in the configuration.
See the regex command in the Cisco Security Appliance Command Reference for performance impact
information when matching a regular expression to packets.
Table 21-1 lists the metacharacters that have special meanings.
Table 21-1 regex Metacharacters

Character   Description     Notes
.           Dot             Matches any single character. For example, d.g matches dog, dag, dtg, and any word that contains those characters, such as doggonnit.
(exp)       Subexpression   A subexpression segregates characters from surrounding characters, so that you can use other metacharacters on the subexpression. For example, d(o|a)g matches dog and dag, but do|ag matches do and ag. A subexpression can also be used with repeat quantifiers to differentiate the characters meant for repetition. For example, ab(xy){3}z matches abxyxyxyz.
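The guide advises creating and testing each regular expression before it goes into a policy map. The following script is an added example, not part of the Cisco guide and not Cisco code: it runs the Table 21-1 patterns (d.g, d(o|a)g, do|ag, ab(xy){3}z) against constructed sample strings off-box so you can see exactly which substring each one matches before committing it with the regex command. It assumes that, for the metacharacters shown in the table (dot, subexpression, alternation, and the {n} repeat quantifier), Python's re module and the security appliance agree on matching semantics, and that inspection regexes match anywhere inside the inspected data (a substring match, hence re.search rather than re.fullmatch). Other ASA regex features are not exercised.

```python
"""Offline check of ASA-style regexes before they are added to a policy map.

Added example, not from the Cisco guide. Assumption: for the Table 21-1
metacharacters used here (., (exp), |, {n}) Python's `re` and the ASA regex
engine agree; the appliance matches a regex anywhere inside the packet data,
which is modelled with re.search (substring match).
"""
import re


def first_match(pattern: str, text: str):
    """Return the substring of `text` matched by `pattern`, or None.

    re.search is used, not re.fullmatch, because an inspection regex is
    matched against the inspected data as a substring, so do|ag finds
    "do" inside "dog" even though it does not match the whole word.
    """
    m = re.search(pattern, text)
    return m.group(0) if m else None


def check_pattern(pattern: str, samples):
    """Map each sample string to the text the pattern matched (or None)."""
    return {s: first_match(pattern, s) for s in samples}


# Constructed sample strings, chosen to cover the Table 21-1 examples plus
# near misses that show where each metacharacter stops matching.
DOT_SAMPLES = ["dog", "dag", "dtg", "doggonnit", "dg"]
GROUP_SAMPLES = ["dog", "dag", "do", "ag", "dig"]
REPEAT_SAMPLES = ["abxyxyxyz", "abxyxyz", "abxyxyxyxyz"]


def table_examples():
    """Run every Table 21-1 example pattern and return results keyed by pattern.

    Note the contrast between d(o|a)g (the subexpression limits alternation to
    one character) and do|ag (alternation splits the whole expression), and
    that {3} is an exact count: two or four repeats of xy do not match.
    """
    return {
        "d.g": check_pattern("d.g", DOT_SAMPLES),
        "d(o|a)g": check_pattern("d(o|a)g", GROUP_SAMPLES),
        "do|ag": check_pattern("do|ag", GROUP_SAMPLES),
        "ab(xy){3}z": check_pattern("ab(xy){3}z", REPEAT_SAMPLES),
    }


if __name__ == "__main__":
    for pattern, results in table_examples().items():
        print(f"regex {pattern}")
        for sample, hit in results.items():
            print(f"  {sample:12} -> {hit!r}")
```

Run the script and compare its output with the behaviour you expect from the policy; a pattern that matches a substring you did not intend (such as do|ag matching "do" inside "dog") is the kind of mistake that is far cheaper to catch here than after the policy map is applied to live traffic.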