Cisco Cisco FirePOWER Appliance 7030
25-42
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding HTTP Traffic
Max Chunk Encoding Size
Detects abnormally large chunk sizes in URI data.
You can enable rules 119:16 and 119:22 to generate events for this option. See
for more information.
Disable Pipeline Decoding
Disables HTTP decoding for pipelined requests. When this option is disabled, performance is
enhanced because HTTP requests waiting in the pipeline are not decoded or analyzed, and are only
inspected using generic pattern matching.
enhanced because HTTP requests waiting in the pipeline are not decoded or analyzed, and are only
inspected using generic pattern matching.
Non-Strict URI Parsing
Enables non-strict URI parsing. Use this option only on servers that will accept non-standard URIs
in the format "GET /index.html abc xo qr \n". Using this option, the decoder assumes that the URI
is between the first and second space, even if there is no valid HTTP identifier after the second space.
in the format "GET /index.html abc xo qr \n". Using this option, the decoder assumes that the URI
is between the first and second space, even if there is no valid HTTP identifier after the second space.
Extended ASCII Encoding
Enables parsing of extended ASCII characters in an HTTP request URI. Note that this option is
available in custom server profiles only, and not in the default profiles provided for Apache, IIS, or
all servers.
available in custom server profiles only, and not in the default profiles provided for Apache, IIS, or
all servers.
Configuring HTTP Server Options
License:
Protection
Use the following procedure to configure HTTP server options. For more information on the HTTP
server options, see
server options, see
.
To configure server-level HTTP configuration options:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
HTTP Configuration
under Application Layer Preprocessors
is enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.