Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 25 Using Application Layer Preprocessors
Decoding HTTP Traffic
• If the values for the Maximum Compressed Data Depth and Maximum Decompressed Data Depth options are different in an intrusion policy associated with the default action of an access control policy and intrusion policies associated with access control rules, the highest value is used. See , and  for more information.
If no preprocessor rule is mentioned, the option is not associated with a preprocessor rule.
Detect Anomalous HTTP Servers
Detects HTTP traffic sent to or received by ports not specified as web server ports.
Note: If you turn this option on, make sure to list all ports that do receive HTTP traffic in a server profile on the HTTP Configuration page. If you do not, and you have enabled this option and the accompanying preprocessor rule, normal traffic to and from the server will generate events. The default server profile contains all ports normally used for HTTP traffic, but if you modified that profile, you may need to add those ports to another profile to prevent events from being generated.
You can enable rule 120:1 to generate events for this option. See  for more information.
Detect HTTP Proxy Servers
Detects HTTP traffic using proxy servers not defined by the Allow HTTP Proxy Use option.
You can enable rule 119:17 to generate events for this option. See for more information.
Maximum Compressed Data Depth
Sets the maximum size of compressed data to decompress when Inspect Compressed Data is enabled. You can specify from 1 to 65535 bytes.
Maximum Decompressed Data Depth
Sets the maximum size of the normalized decompressed data when Inspect Compressed Data is enabled. You can specify from 1 to 65535 bytes.
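
The note under Detect Anomalous HTTP Servers can be checked before you turn on the option and rule 120:1. The following Python is an added example, not part of the Cisco guide or product: it assumes you have exported the port lists of your server profiles and have flow summaries already classified as HTTP or not, and it treats a port as covered when any profile lists it. The profile names, addresses, ports and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the guide): profile names, addresses and
# ports are illustrative stand-ins for what you export from your own policy.
SERVER_PROFILES = {
    "default": [80, 8080],          # assume the default profile was trimmed
    "intranet-apps": [8000, 8443],
}

# Constructed flow summaries: (server_ip, server_port, payload_is_http)
OBSERVED_FLOWS = [
    ("10.0.0.5", 80, True),
    ("10.0.0.5", 8080, True),
    ("10.0.0.9", 8000, True),
    ("10.0.0.12", 8888, True),
    ("10.0.0.12", 8888, True),
    ("10.0.0.20", 3128, True),
    ("10.0.0.30", 22, False),       # not HTTP, so irrelevant to this option
]


def configured_ports(profiles):
    """Union of the ports listed in every server profile, validated."""
    ports = set()
    for name, plist in profiles.items():
        for p in plist:
            if not isinstance(p, int) or not 1 <= p <= 65535:
                raise ValueError(f"profile {name!r}: invalid port {p!r}")
            ports.add(p)
    return ports


def uncovered_http_ports(profiles, flows):
    """Map each unlisted port carrying HTTP to its flow count and servers."""
    listed = configured_ports(profiles)
    found = defaultdict(lambda: {"flows": 0, "servers": set()})
    for server_ip, port, is_http in flows:
        if is_http and port not in listed:
            found[port]["flows"] += 1
            found[port]["servers"].add(server_ip)
    return {p: {"flows": v["flows"], "servers": sorted(v["servers"])}
            for p, v in sorted(found.items())}


if __name__ == "__main__":
    for port, info in uncovered_http_ports(SERVER_PROFILES, OBSERVED_FLOWS).items():
        print(f"port {port}: {info['flows']} HTTP flow(s) to {info['servers']} "
              "would raise events; add it to a server profile or investigate")
```

Each port it reports is either a legitimate web server port missing from the profiles, which would produce events on normal traffic, or an unexpected HTTP service worth investigating.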
Configuring Global HTTP Configuration Options
License: Protection
You can configure detection of HTTP traffic to non-standard ports and of HTTP traffic using proxy servers. For more information on global HTTP configuration options, see .
To configure global HTTP configuration options:
Access: Admin/Intrusion Admin
Step 1 Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2 Click the edit icon ( ) next to the policy you want to edit.