Custom signature syntax
A custom signature definition is limited to a maximum length of 512 characters. A definition can be a single line or span multiple lines connected by a backslash (\) at the end of each line.
A custom signature definition begins with a header, followed by a set of keyword/value pairs enclosed in parentheses ( ). The keyword/value pairs are separated by semicolons (;), and each pair consists of a keyword and a value separated by a space. The basic format of a definition is HEADER (KEYWORD VALUE;)
You can use as many keyword/value pairs as required within the 512-character limit. To configure a custom signature, go to Security Profiles > Intrusion Protection > IPS Signatures, select Create New and enter the data directly into the Signature field, following the guidance in the next topics.
Table 94: Valid syntax for custom signature fields
Field | Valid Characters | Usage |
HEADER | F-SBID | The header for an attack definition signature. Each custom signature must begin with this header. |
KEYWORD | Each keyword must start with a pair of dashes (--), and consist of a string of 1 to 19 characters. Normally, keywords are an English word or English words connected by an underscore (_). Keywords are case insensitive. | The keyword is used to identify a parameter. |
VALUE | Double quotes (") must be used around the value if it contains a space and/or a semicolon (;). If the value is NULL, the space between the KEYWORD and VALUE can be omitted. Values are case sensitive. Note: If double quotes are used for quoting the value, the double quotes are not considered as part of the value string. | The value is set specifically for a parameter identified by a keyword. |
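The syntax rules in this topic can be checked before a definition is entered in the Signature field. The following Python validator is an added example, not part of the original documentation or of FortiOS. It assumes that the 512-character limit is counted after continuation lines are joined and that the 1 to 19 character keyword length excludes the two leading dashes; the sample signature is constructed.

```python
import re

MAX_LEN = 512      # page: a definition is at most 512 characters
HEADER = "F-SBID"  # page: every custom signature begins with this header

def join_lines(text):
    # Assumption: a trailing backslash plus newline is dropped, as in a shell.
    return re.sub(r"\\[ \t]*\r?\n", "", text).strip()

def split_pairs(body):
    """Split on ';' outside double quotes, so quoted values may contain ';'."""
    pairs, cur, quoted = [], [], False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            pairs.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if quoted:
        raise ValueError("unterminated double quote")
    if "".join(cur).strip():
        raise ValueError("last keyword/value pair is missing its ';'")
    return pairs

def parse_signature(text):
    sig = join_lines(text)
    if len(sig) > MAX_LEN:  # assumption: counted on the joined definition
        raise ValueError(f"{len(sig)} characters, limit is {MAX_LEN}")
    m = re.fullmatch(re.escape(HEADER) + r"\s*\((.*)\)", sig, re.S)
    if not m:
        raise ValueError("expected F-SBID( KEYWORD VALUE; ... )")
    result = []
    for pair in split_pairs(m.group(1)):
        kw, _, value = pair.partition(" ")
        value = value.strip() or None  # NULL value: keyword only
        # Assumption: the 1 to 19 character count excludes the two dashes.
        if not (kw.startswith("--") and 1 <= len(kw) - 2 <= 19):
            raise ValueError(f"bad keyword in pair {pair!r}")
        if value and len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # quotes are not part of the value
        elif value and " " in value:
            raise ValueError(f"value with a space must be quoted: {value!r}")
        result.append((kw[2:].lower(), value))  # keywords are case insensitive
    return result

SAMPLE = ('F-SBID( --name "Example.Custom.Sig"; --PROTOCOL tcp; \\\n'
          '  --pattern "a;b c"; --no_case; )')  # constructed sample
```

`parse_signature(SAMPLE)` returns the keyword/value pairs in order, with keywords lower-cased and a value of `None` for a keyword that has no value; any rule violation raises `ValueError`.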