17-52
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
HTTP Map Entity Length Tab
Use the Entity Length tab to enable inspection based on the length of the HTTP content.
Navigation Path
Click the Entity Length tab on the Add and Edit HTTP Map dialog boxes for ASA 7.1.x/PIX
7.1.x/FWSM 3.x/IOS Devices. See Configuring HTTP Maps for ASA 7.1.x, PIX 7.1.x, FWSM 3.x and
IOS Devices, page 17-50.
Related Topics
Understanding Map Objects, page 6-72
Configuring Protocols and Maps for Inspection, page 17-21
Table 17-29 HTTP Map General Tab (Continued)

Element: Verify Content-type field belongs to the supported internal content-type list.
Description: Whether you want to configure the action to be taken for traffic whose content type does not belong to the supported internal content-type list. Possible actions are:
- Allow Packet—Allow the message.
- Drop Packet—Close the connection.
- Reset Connection (default)—Send a TCP reset message to client and server.
You can also select these options:
- Verify Content-type field for response matches the ACCEPT field of request—To also verify that the content type of the response matches the request.
- Generate Syslog—To write a message to the syslog if non-compliant traffic is encountered.

Element: Override Global TCP Idle Timeout (IOS only)
Description: Whether to change the TCP idle timeout default setting. An IOS device terminates a connection if there is no communication activity after this length of time. If you select this option, specify the desired timeout value in seconds.

Element: Override Global Audit Trail Setting (IOS only); Enable Audit Trail
Description: Whether to change the audit trail setting for IOS devices. If you select this option, you can select Enable Audit Trail to generate audit trail messages.