Cisco Cisco ASR 5000
Firewall-and-NAT Policy Configuration Mode Commands
firewall mime-flood ▀
Command Line Interface Reference, StarOS Release 18 ▄
5121
firewall mime-flood
This command configures Stateful Firewall protection from MIME Flood attacks.
Important:
In release 8.0, this configuration is available in the ACS Configuration Mode. In release 8.1, for
Rulebase-based Stateful Firewall configuration, this configuration is available in the ACS Rulebase Configuration
Mode. In release 8.3, this configuration is available in the ACS Rulebase Configuration Mode.
Mode. In release 8.3, this configuration is available in the ACS Rulebase Configuration Mode.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-fw-and-nat-policy)#
Syntax
firewall mime-flood { http-headers-limit max_limit | max-http-header-field-size max_size
}
}
default firewall mime-flood { http-headers-limit | max-http-header-field-size }
default
Configures the default setting for the specified parameter.
http-headers-limit max_limit
Specifies the maximum number of headers allowed in an HTTP packet. If the number of HTTP headers in a
page received is more than the specified limit, the request will be denied.
page received is more than the specified limit, the request will be denied.
max_limit
must be an integer from 1 through 256.
Default: 16
max-http-header-field-size max_size
Specifies the maximum header field size allowed in the HTTP header, in bytes. If the size of HTTP header in
the received page is more than the specified number of bytes, the request will be denied.
the received page is more than the specified number of bytes, the request will be denied.
max_size
must be an integer from 1 through 8192.
Default: 4096 bytes
Usage
Use this command to configure the maximum number of headers allowed in an HTTP packet, and the
maximum header field size allowed in the HTTP header to prevent MIME flooding attacks.
maximum header field size allowed in the HTTP header to prevent MIME flooding attacks.