09-25-2007 06:03 AM
Hi,
Is there a way to use REGEX within the CSS?
If not, can we do it with the enhanced feature set?
GOAL:
In order to protect ourself from XSS scripting, we would like to be able to use REGEX within a header-field to catch several pattern within a query string and send those to a donjon server or a 404 page via a content rule.
Regards,
Wig
09-25-2007 08:44 AM
All you can do is this :
CSS11503-2(config-header-field-group[gd])# header-field test ?
msisdn HTTP extension MSISDN request header
referer HTTP Referer request header
accept HTTP Accept request header
encoding HTTP Accept-Encoding request header
charset HTTP Accept-Charset request header
connection HTTP Connection general header
cookies HTTP Cookie header
cache-control HTTP Cache-Control general header
pragma HTTP Pragma general header
host HTTP Host request header
language HTTP Accept-Language request header
user-agent HTTP User-Agent request header
request-line HTTP Request-Line
custom HTTP custom header field tag
CSS11503-2(config-header-field-group[gd])# header-field test user-agent
contain Header-Field exists and contains the header-string
equal Header-Field exists and is equal to the header-string
exist Header-Field exists in the request
not-contain Header-Field exists but does not contain the
header-string
not-equal Header-Field exists but does not equal the header-string
not-exist Header-Field does not exist in the request
CSS11503-2(config-header-field-group[gd])# header-field test user-agent ?
contain Header-Field exists and contains the header-string
equal Header-Field exists and is equal to the header-string
exist Header-Field exists in the request
not-contain Header-Field exists but does not contain the
header-string
not-equal Header-Field exists but does not equal the header-string
not-exist Header-Field does not exist in the request
CSS11503-2(config-header-field-group[gd])# header-field test user-agent
The CSM and ace both offer the possibility to use regex.
Gilles.
09-25-2007 09:49 AM
Thanks for the info,
Other than a Catalyst 6000series chassis module, is there other Cisco product that support Regex?
Do the AVS (Application Velocity System) support this?
09-26-2007 12:28 AM
the ACE module will soon come out in an appliance version.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide