33-7
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter33 Configuring Special Actions for Application Inspections (Inspection Policy Map)
Where to Go Next
Examples
The following example creates an HTTP class map that must match all criteria:
hostname(config-cmap)# class-map type inspect http match-all http-traffic
hostname(config-cmap)# match req-resp content-type mismatch
hostname(config-cmap)# match request body length gt 1000
hostname(config-cmap)# match not request uri regex class URLs
The following example creates an HTTP class map that can match any of the criteria:
hostname(config-cmap)# class-map type inspect http match-any monitor-http
hostname(config-cmap)# match request method get
hostname(config-cmap)# match request method put
hostname(config-cmap)# match request method post
Where to Go Next
To use an inspection policy, see Chapter32, “Configuring a Service Policy Using the Modular Policy
Framework.”
Step3 (Optional)
description string
Example:
hostname(config-cmap)# description All UDP
traffic
Adds a description to the class map.
Step4 Define the traffic to include in the class by
entering one or more match commands available
for your application.
To specify traffic that should not match the class map, use the
match not command. For example, if the match not command
specifies the string “example.com,” then any traffic that includes
“example.com” does not match the class map.
To see the match commands available for each application, see
the appropriate inspection chapter.
Command Purpose