FTP traffic destined to the FTP server should not be able to execute the following commands:
To achieve the desired result following configuration is required using MPF
1. Create a new policy map type with match-request as desired commands and action as reset.
Policy-map type inspect FTP FTPCommands Match-request command put rmd rnfr dele Reset
2. Configure a TCP based access-list with source as any and destination as FTP Server with port number 21.
access-list FTP-S permit tcp any host 188.8.131.52 eq 21
3. Now create a new class-map and call the access-list that was configured in step 2
class-map FTP-S match access-list FTP-S
4. Final step is to call the class-map in global policy for inspection with "strict" option.
policy-map global_policy class FTP-S inspect FTP strict FTPCommands
Assuming that Service policy is already assigned globally, FTP commands will be blocked by ASA now.