Custom signature syntax
A custom signature definition is limited to a maximum length of 512 characters. A definition can be a single line or span multiple lines connected by a backslash (\) at the end of each line.
A custom signature definition begins with a header, followed by a set of keyword/value pairs enclosed in parentheses ( ). The keyword/value pairs are separated by semicolons (;), and each pair consists of a keyword and a value separated by a space. The basic format of a definition is HEADER (KEYWORD VALUE;)
You can use as many keyword/value pairs as required within the 512-character limit. To configure a custom signature, go to Security Profiles > Intrusion Protection > IPS Signatures, select Create New and enter the data directly into the Signature field, following the guidance in the next topics.
Table 67 shows the valid characters and basic structure. For details about each keyword and its associated values, see “Custom signature keywords”.
 
Table 67: Valid syntax for custom signature fields

| Field | Valid Characters | Usage |
|---|---|---|
| HEADER | F-SBID | The header for an attack definition signature. Each custom signature must begin with this header. |
| KEYWORD | Each keyword must start with a pair of dashes (--), and consist of a string of 1 to 19 characters. Normally, keywords are an English word or English words connected by an underscore (_). Keywords are case insensitive. | The keyword is used to identify a parameter. See “Custom signature keywords” for tables of supported keywords. |
| VALUE | Double quotes (") must be used around the value if it contains a space and/or a semicolon (;). If the value is NULL, the space between the KEYWORD and VALUE can be omitted. Values are case sensitive. Note: If double quotes are used for quoting the value, the double quotes are not considered as part of the value string. | The value is set specifically for a parameter identified by a keyword. |
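
The rules in Table 67 can be checked before a definition is pasted into the Signature field. The following linter is an added example, not Fortinet code: it applies only the rules stated above, does not check keywords against the supported keyword list, and does not handle escaped quotes inside a value. It assumes the 512-character limit is counted after backslash-continued lines are joined and that the 1 to 19 character keyword length excludes the leading dashes; the sample signature and its keyword names are constructed for illustration.

```python
import re

MAX_LEN = 512      # page: a definition is limited to 512 characters
HEADER = "F-SBID"  # page: each custom signature must begin with this header
MAX_KEYWORD = 19   # page: keyword is 1 to 19 characters (assumed to exclude "--")
# One pair: --keyword, optional value (quoted or bare), closing semicolon.
PAIR = re.compile(r'\s*--([^\s;"]+)(?:\s+("[^"]*"|[^\s;"]+))?\s*;')

def parse_signature(text):
    """Return (pairs, errors) for one custom signature definition."""
    errors = []
    # Join lines connected by a backslash at the end of the line.
    sig = re.sub(r'\\[ \t]*\r?\n', '', text).strip()
    if len(sig) > MAX_LEN:  # assumption: length is counted after joining
        errors.append(f"definition is {len(sig)} characters, limit is {MAX_LEN}")
    if not sig.startswith(HEADER):
        return [], errors + [f"definition must begin with {HEADER}"]
    body = sig[len(HEADER):].strip()
    if not (body.startswith("(") and body.endswith(")")):
        return [], errors + ["keyword/value pairs must be enclosed in ( )"]
    body, pairs, pos = body[1:-1], [], 0
    while body[pos:].strip():
        m = PAIR.match(body, pos)
        if not m:  # e.g. a value with a space that was not double-quoted
            errors.append(f"cannot parse pair near: {body[pos:pos + 30].strip()!r}")
            break
        keyword, value = m.groups()
        if len(keyword) > MAX_KEYWORD:
            errors.append(f"keyword --{keyword} exceeds {MAX_KEYWORD} characters")
        if value is not None and value.startswith('"'):
            value = value[1:-1]  # surrounding quotes are not part of the value
        pairs.append((keyword.lower(), value))  # keywords are case insensitive
        pos = m.end()
    return pairs, errors

# Constructed sample signature, split across two lines with a backslash.
SAMPLE = ('F-SBID( --name "Block.Example"; --pattern "a;b c"; \\\n'
          '        --NO_CASE; --service HTTP; )')

if __name__ == "__main__":
    for result in parse_signature(SAMPLE):
        print(result)
```
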