Cisco Cisco Firepower Management Center 4000
25-33
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding HTTP Traffic
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
HTTP Configuration
under Application Layer Preprocessors
is enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.
The HTTP Configuration page appears.
Step 5
You can modify any of the global options described in
Step 6
Optionally, click
Configure Rules for HTTP Configuration
at the top of the page to display rules associated
with individual options.
Click
Back
to return to the HTTP Configuration page.
Step 7
Save your policy, continue editing, discard your changes, revert to the default configuration settings in
the base policy, or exit while leaving your changes in the system cache. See the
the base policy, or exit while leaving your changes in the system cache. See the
table for more information.
Selecting Server-Level HTTP Normalization Options
License:
Protection
You can set server-level options for each server you monitor, globally for all servers, or for a list of
servers. Additionally, you can use a predefined server profile to set these options, or you can set them
individually to meet the needs of your environment. Use these options, or one of the default profiles that
set these options, to specify the HTTP server ports whose traffic you want to normalize, the amount of
server response payload you want to normalize, and the types of encoding you want to normalize.
servers. Additionally, you can use a predefined server profile to set these options, or you can set them
individually to meet the needs of your environment. Use these options, or one of the default profiles that
set these options, to specify the HTTP server ports whose traffic you want to normalize, the amount of
server response payload you want to normalize, and the types of encoding you want to normalize.
If no preprocessor rule is mentioned, the option is not associated with a preprocessor rule.
Networks
Use this option to specify the IP address of one or more servers.
Note that in addition to a limit of up to 255 total profiles, including the default profile, you can
include up to 496 characters, or approximately 26 entries, in an HTTP server list, and specify a total
of 256 address entries for all server profiles. For information on using IPv4 CIDR notation and IPv6
prefix lengths in the FireSIGHT System, see
include up to 496 characters, or approximately 26 entries, in an HTTP server list, and specify a total
of 256 address entries for all server profiles. For information on using IPv4 CIDR notation and IPv6
prefix lengths in the FireSIGHT System, see
.
Note that the
default
setting in the default policy specifies all IP addresses on your monitored
network segment that are not covered by another target-based policy. Therefore, you cannot and do
not need to specify an IP address or CIDR block/prefix length for the default policy, and you cannot
leave this setting blank in another policy or use address notation to represent
not need to specify an IP address or CIDR block/prefix length for the default policy, and you cannot
leave this setting blank in another policy or use address notation to represent
any
(for example,
0.0.0.0/0 or ::/0).