< Home

signature (user-defined application rule view)

Function

The signature command configures a user-defined application signature.

The undo signature command deletes a user-defined application signature.

Format

signature context { flow | packet } direction { request | response | both } { plain-string plain-string | regular-expression regular-expression } [ field field ]

undo signature

Parameters

Parameter Description Value

context

Indicates signature context.

-

flow

Indicates flow-based matching.

-

packet

Indicates packet-based matching.

-

request

Indicates that the detection direction is the request direction.

-

response

Indicates that the detection direction is the response direction.

-

both

Indicates that the detection direction is both directions.

-

plain-string plain-string

Specifies a plain-text string.

The value is a case-sensitive string of 3 to 128 characters. If the keyword contains any space and question mark (?), the value is a string of 5 to 130 characters and must be enclosed with double quotation marks (""), for example, "GET w?". If the keyword contains quotation marks, replace the quotation marks with \x22, for example, to set keyword abc"d, enter abc\x22d.

regular-expression regular-expression

Specifies a regular expression.

The value is a case-sensitive string of 3 to 128 characters. If the regular expression contains any space and question mark (?), the value is a string of 5 to 130 characters and must be enclosed with double quotation marks (""), for example, "GET w?". If the regular expression contains quotation marks, replace the quotation marks with \x22, for example, to set regular expression abc"d, enter abc\x22d.

field

Specifies a protocol field to search for a signature.
  • When the protocol is TCP and the keyword is a regular expression, the following fields can be searched: General-payload, HTTP.Body, HTTP.Content-Type, HTTP.Cookie, HTTP.Host, HTTP.Method, HTTP.URI, and HTTP.User-Agent.
  • When the protocol is TCP and the keyword is a character string, the General-payload field can be searched.
  • When the protocol is UDP, the General-payload field can be searched.

Views

User-defined application rule view

Default Level

2: Configuration level

Usage Guidelines

You can configure only one signature for each user-defined application rule.

Example

# Configure regular expression GET.ab{3}c for the signature in user-defined application rule rule1, configure flow-based matching mode, and set the detection direction to request.
<sysname> system-view
[sysname] sa
[sysname-sa] user-defined-application name UD_abc
[sysname-sa-user-defined-app-UD_abc] rule name rule1
[sysname-sa-user-defined-app-UD_abc-rule-rule1] protocol tcp
[sysname-sa-user-defined-app-UD_abc-rule-rule1] signature context flow direction request regular-expression GET.ab{3}c field HTTP.Body
Parent Topic: Application and Application Group Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >