Cisco ASR 5700
ACS Rulebase Configuration Mode Commands
http header-parse-limit
Command Line Interface Reference, StarOS Release 17, page 731
For operators who have the Stateful Firewall in-line service enabled and can tolerate dropped packets, a workaround is to configure the
firewall mime-flood
command in the ACS Configuration Mode, which allows configuring the maximum number of headers allowed in an HTTP packet and the maximum header field size allowed in the HTTP header (in bytes). However, a limitation of this workaround is that Stateful Firewall supports MIME flood detection only in the downlink direction.
Support for LF termination was added in StarOS 14.0 and later releases. In this release, with configurable maximum header length support, the HTTP analyzer allows such LF-terminated HTTP requests/responses to pass through without rule matching only until the configured maximum header length is reached. When this threshold is reached, the analyzer immediately marks the HTTP session as a failure, and a rule match occurs for
http error = TRUE
for the current packet as well as for all the previous packets that passed through unmatched. At this point, the quota for all such packets is requested and reported.
Example
The following command sets the HTTP header parse limit to 10000 bytes:
http header-parse-limit 10000
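To make the pass-through-until-cap behaviour described above concrete, the following is an added Python model (not StarOS code and not taken from the Cisco documentation) of an HTTP analyzer that recognises only CRLF-terminated header blocks and applies a header-parse-limit byte cap. The packet chunks and the X-Pad header name are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class HttpSession:
    """Per-flow state of a modelled HTTP analyzer with a header byte cap."""
    header_parse_limit: int                 # bytes, as in 'http header-parse-limit 10000'
    header_bytes: int = 0                   # header bytes seen without an end-of-headers
    header_complete: bool = False
    http_error: bool = False                # becomes True once the cap is exceeded
    unmatched: List[int] = field(default_factory=list)  # packets passed without rule match
    reported: List[int] = field(default_factory=list)   # packets whose quota was requested/reported

    def feed(self, pkt_id: int, payload: bytes) -> str:
        """Process one packet of the flow and return its disposition."""
        if self.http_error:
            return "error"
        if self.header_complete:
            return "matched"
        # The modelled analyzer recognises only CRLF CRLF as the end of the
        # header block, so an LF-only terminated header never looks complete.
        end = payload.find(b"\r\n\r\n")
        if end != -1:
            self.header_bytes += end + 4
            self.header_complete = True
            return "matched"
        self.header_bytes += len(payload)
        if self.header_bytes > self.header_parse_limit:
            # Cap exceeded: the session is marked failed and 'http error = TRUE'
            # is matched for this packet and every earlier unmatched packet,
            # whose quota is requested and reported at this point.
            self.http_error = True
            self.reported.extend(self.unmatched + [pkt_id])
            self.unmatched.clear()
            return "error"
        self.unmatched.append(pkt_id)
        return "passthrough"


def lf_only_chunks(count: int, size: int) -> List[bytes]:
    """Constructed sample traffic: header lines ending in bare LF, never CRLF CRLF."""
    line = b"X-Pad: " + b"a" * (size - 8) + b"\n"   # exactly `size` bytes
    return [line] * count


if __name__ == "__main__":
    session = HttpSession(header_parse_limit=10000)
    for pkt_id, chunk in enumerate(lf_only_chunks(3, 4000), start=1):
        print(pkt_id, session.feed(pkt_id, chunk))
    print("reported:", session.reported)
```

With the 10000-byte limit, three 4000-byte LF-only chunks pass, pass, then trip the cap, and all three packet ids end up in `reported`.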