Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

perform action based on http method.

I've not been able to find a way to switch traffic based on http method. For example, I want to essentially drop all http traffic using the TRACE method. I don't think that a header-field with the request-line of "trace" would work. That would seem to apply more to specific content someone was trying to get vs. the http method.

Does anyone know of a way to do what I'm looking for?


New Member

Re: perform action based on http method.

the request line should work. To realize that, you must realize that a request line contains something like the following (without the quotes):

"GET /index.html HTTP/1.0"

I tested this real fast in the lab, but sending a redirect instead of dropping, so I could tell it was working, and it worked..

you can configure the following:

!************************** SERVICE **************************

service dummy

ip address

keepalive type none


!********************* HEADER FIELD GROUP *********************

header-field-group trace-match

header-field .ida request-line contain "TRACE"

!*************************** OWNER ***************************

owner myrule

content block-trace

vip address

protocol tcp

port 80

url "/*"

header-field-rule .ida weight 0

add service dummy


of course, use your own VIP, instead of Also, you can put a search length on the header-group so you will not catch anyone who puts "TRACE" in the url...

header-field .ida request-line contain "TRACE" 10

let me know if that does the trick or not!


New Member

Re: perform action based on http method.

Thanks Steve!

So even if it is not an HTTP GET that they are performing it should work? I'm using header-fields to block nimda and code red etc, but all of those use an HTTP GET instead of HTTP TRACE.

I'll give it a shot.


New Member

Re: perform action based on http method.


If they are doing a "GET" then they should not hit the rule with the "TRACE" header field...


CreatePlease to create content