App Control Use Cases
SonicOS 5.8.1 Administrator Guide
Wireshark will jump to the first frame that contains the requested data. You should see something like the screen shown below. This shows that the HTTP POST method is transmitted immediately after the TCP header information and occupies the first four bytes (504f5354) of the TCP payload (the HTTP application layer). You can use that information to create a custom match object that detects the HTTP POST method.

In the SonicOS management interface, navigate to Firewall > Match Objects, and then click Add New Match Object. Create a match object like the one shown below. Notice that in this particular match object you would use the Enable Settings feature to create an object that matches a specific part of the payload. The Offset field specifies which byte in the payload to begin matching and helps to minimize false positives by making the match more specific. The Depth field specifies at what byte to stop matching. The Min and Max fields allow you to specify a minimum and maximum payload size.
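The following Python sketch is an added illustration, not SonicOS code. It models the Offset, Depth, Min and Max settings described above and shows why anchoring the 504f5354 pattern to the start of the payload reduces false positives. The function name, the sample payloads, and the assumption that byte positions are 1-based with an inclusive Depth are all constructed for this example.

```python
from typing import Optional

POST_HEX = "504f5354"  # hex for ASCII "POST", the value seen in the capture

def match_payload(payload: bytes, pattern_hex: str,
                  offset: Optional[int] = None, depth: Optional[int] = None,
                  min_len: Optional[int] = None,
                  max_len: Optional[int] = None) -> bool:
    """Model of a windowed payload match (hypothetical helper).

    Assumption: offset and depth are 1-based byte positions and the
    pattern must lie entirely within bytes offset..depth inclusive.
    """
    pattern = bytes.fromhex(pattern_hex)
    # Min / Max: reject payloads outside the configured size range.
    if min_len is not None and len(payload) < min_len:
        return False
    if max_len is not None and len(payload) > max_len:
        return False
    first = 1 if offset is None else offset
    if first < 1:
        raise ValueError("offset must be >= 1")
    start = first - 1                      # convert to 0-based index
    end = len(payload) if depth is None else min(depth, len(payload))
    # bytes.find only reports a hit that fits completely in [start, end).
    return payload.find(pattern, start, end) != -1

# Constructed sample TCP payloads (not taken from a real capture).
POST_REQ = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 9\r\n\r\nuser=test")
GET_REQ = b"GET /search?q=POST HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, data in (("POST request", POST_REQ), ("GET request", GET_REQ)):
        loose = match_payload(data, POST_HEX)
        anchored = match_payload(data, POST_HEX, offset=1, depth=4)
        print(f"{name}: unanchored={loose} offset1/depth4={anchored}")
```

Without a window, the GET request matches because the string POST appears in its query string; with the match restricted to the first four bytes, only the real POST request matches.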