https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243336#M3473 <HTML><HEAD></HEAD><BODY><P>Clayton,</P><P></P><P>If they are doing a "GET" then they should not hit the rule with the "TRACE" header field...</P><P></P><P>-Steve</P></BODY></HTML> Mon, 29 Dec 2003 21:08:13 GMT stevehall 2003-12-29T21:08:13Z https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243333#M3470 <P>I've not been able to find a way to switch traffic based on http method. For example, I want to essentially drop all http traffic using the TRACE method. I don't think that a header-field with the request-line of "trace" would work. That would seem to apply more to specific content someone was trying to get vs. the http method.</P><P></P><P>Does anyone know of a way to do what I'm looking for?</P><P></P><P>Thanks!</P> Mon, 29 Dec 2003 18:44:12 GMT https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243333#M3470 clayton-price 2003-12-29T18:44:12Z https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243334#M3471 <HTML><HEAD></HEAD><BODY><P>the request line should work. To realize that, you must realize that a request line contains something like the following (without the quotes):</P><P></P><P>"GET /index.html HTTP/1.0"</P><P></P><P>I tested this real fast in the lab, but sending a redirect instead of dropping, so I could tell it was working, and it worked..</P><P></P><P></P><P>you can configure the following:</P><P></P><P>!************************** SERVICE **************************</P><P>service dummy</P><P> ip address 10.10.10.10</P><P> keepalive type none</P><P> active</P><P></P><P>!********************* HEADER FIELD GROUP *********************</P><P>header-field-group trace-match</P><P> header-field .ida request-line contain "TRACE"</P><P></P><P>!*************************** OWNER ***************************</P><P>owner myrule</P><P></P><P> content block-trace</P><P> vip address 2.3.4.5</P><P> protocol tcp</P><P> port 80</P><P> url "/*"</P><P> header-field-rule .ida weight 0</P><P> add service dummy</P><P> active</P><P></P><P></P><P>of course, use your own VIP, instead of 2.3.4.5. Also, you can put a search length on the header-group so you will not catch anyone who puts "TRACE" in the url...</P><P></P><P>header-field .ida request-line contain "TRACE" 10</P><P></P><P>let me know if that does the trick or not!</P><P></P><P>-Steve</P></BODY></HTML> Mon, 29 Dec 2003 19:47:00 GMT https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243334#M3471 stevehall 2003-12-29T19:47:00Z https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243335#M3472 <HTML><HEAD></HEAD><BODY><P>Thanks Steve!</P><P></P><P>So even if it is not an HTTP GET that they are performing it should work? I'm using header-fields to block nimda and code red etc, but all of those use an HTTP GET instead of HTTP TRACE.</P><P></P><P>I'll give it a shot.</P><P></P><P>Thanks! </P></BODY></HTML> Mon, 29 Dec 2003 20:19:44 GMT https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243335#M3472 clayton-price 2003-12-29T20:19:44Z https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243336#M3473 <HTML><HEAD></HEAD><BODY><P>Clayton,</P><P></P><P>If they are doing a "GET" then they should not hit the rule with the "TRACE" header field...</P><P></P><P>-Steve</P></BODY></HTML> Mon, 29 Dec 2003 21:08:13 GMT https://community.cisco.com/t5/application-networking/perform-action-based-on-http-method/m-p/243336#M3473 stevehall 2003-12-29T21:08:13Z