Cisco Cisco FirePOWER Appliance 8360
25-43
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding HTTP Traffic
The HTTP Configuration page appears. A message at the bottom of the page identifies the intrusion
policy layer that contains the configuration. See
policy layer that contains the configuration. See
for more
information.
Step 5
You have two options:
•
Add a new server profile. Click the add icon (
) next to
Servers
on the left side of the page. The
Add Target pop-up window appears. Specify one or more IP addresses for the client in the
Server
Address
field and click
OK
.
You can specify a single IP address or address block, or a comma-separated list of either or both.
You can include up to 496 characters in a list, specify a total of 256 address entries for all server
profiles, and create a total of 255 profiles including the default profile. For information on using
IPv4 and IPv6 address blocks in the FireSIGHT System, see
You can include up to 496 characters in a list, specify a total of 256 address entries for all server
profiles, and create a total of 255 profiles including the default profile. For information on using
IPv4 and IPv6 address blocks in the FireSIGHT System, see
.
A new entry appears in the list of servers on the left side of the page, highlighted to indicate that it
is selected, and the Configuration section updates to reflect the current configuration for the profile
you added.
is selected, and the Configuration section updates to reflect the current configuration for the profile
you added.
•
Modify the settings for an existing profile. Click the configured address for a profile you have added
under
under
Servers
on the left side of the page, or click
default
.
Your selection is highlighted and the Configuration section updates to display the current
configuration for the profile you selected. To delete an existing profile, click the delete icon (
configuration for the profile you selected. To delete an existing profile, click the delete icon (
)
next to the profile you want to remove.
Step 6
Optionally, modify the address or addresses listed in the
Networks
field and click any other area of the
page.
The highlighted address updates on the left side of the page.
Note that you cannot modify the setting for
Network
in the default profile. The default profile applies to
all servers on your network that are not identified in another profile.
Step 7
In the
Ports
field, list the ports whose traffic you want to inspect with HTTP Inspect. Separate multiple
ports with commas.
Step 8
Step 9
Select a server profile as follows:
•
Select
Custom
to create your own server profile (see
for more information).
•
Select
All
to use the standard default profile, appropriate for all servers.
•
Select
IIS
to use the default IIS profile.
•
Select
Apache
to use the default Apache profile.
Step 10
If you selected
Custom
, the custom options appear.
Step 11
Configure the HTTP decoding options you want in your profile.
See
for details on available
normalization options.
Step 12
Optionally, click
Configure Rules for HTTP Configuration
at the top of the page to display rules associated
with individual options.
Click
Back
to return to the HTTP Configuration page.