Focus
Focus
Table of Contents

Context Qualifiers

Add context qualifiers with custom signatures to limit match conditions and reduce false positives.
Qualifiers lessen the chance of false positives by restricting the locations where the firewall can find a given pattern. In other words, a signature matches only when the firewall detects the pattern inside a specific qualifier, which corresponds to a specific context. For example, you might use the http-method qualifier to specify that a http-req-uri-path pattern matters when found inside a HTTP GET method.

FTP Command Qualifiers

FTP command qualifiers can be added to custom signatures that use FTP-related contexts to limit a match condition to specific FTP commands.
ABOR
ACCT
ALLO
APPE
AUTH
CDUP
CWD
DELE
EHLO
ERPT
HELO
LIST
MDTM
MKD
MODE
NLIST
OPTS
PASS
PASV
PBSZ
PORT
PWD
QUIT
REIN
REST
RETR
RMD
RNFR
RNTO
SITE
SIZE
SMNT
STAT
STOR
STOU
STRU
SYST
TEST
TYPE
UNKNOWN-COMMAND
UNLOCK
USER
XCRC
XMD5
XSHA1

FTP Vendor ID Qualifiers

FTP vendor ID qualifiers can be added to custom signatures that use FTP-related contexts to limit a match condition to specific FTP clients.
CEASERFTP
EASY_FILE_SHARING_FTP
FILE_COPA_FTP
FREEFTPD
MICROSOFTFTP
NETTERM
PROFTPD
SERV_U
UNKNOWN_FTP_SERVER
VSFTPD
WARFTPD
WS_FTP
WUFTP

HTTP Header Field Qualifiers

HTTP header field qualifiers can be added to custom signatures that use HTTP-related contexts to limit a match condition to HTTP headers that have specific values for select header fields.
ACCEPT_LANGUAGE
AUTHORIZATION
CONTENT_ENCODING
CONTENT_LENGTH
CONTENT_TYPE
HOST
IF_MOD_SINCE
SUBSCRIBE_HDR
TRANSFER_ENCODING
UNKNOWN_HDR
X_FORWARD_FOR

HTTP Method Qualifiers

HTTP method qualifiers can be added to custom signatures that use HTTP-related contexts to limit a match condition to HTTP headers that use specific HTTP methods.
BCOPY
BDELETE
BITS_POST
BMOVE
BPROPFIND
BROPPATCH
CCM_POST
CONNECT
COPY
DELETE
GET
HEAD
LINK
LOCK
MCKCOL
MOVE
NOTIFY
OPTIONS
POLL
POST
PROPFIND
PROPPATCH
PROXY_SUCCESS
PUT
RPC_CONNECT
SEARCH
SMS_POST
SOURCE
SUBSCRIBE
TRACE
TRACK
UNKNOWN_METHOD
UNLINK
UNLOCK
UNSUBSCRIBE

IMAP Command Qualifiers

IMAP command qualifiers can be added to custom signatures that use IMAP-related contexts to limit a match condition to specific IMAP commands.
APPEND
AUTHENTICATE
CAPABILITY
CHECK
CLOSE
COPY
CREATE
DELETE
EXAMINE
EXPUNGE
FETCH
FIND
IDLE
LIST
LOGIN
LSUB
NOOP
RENAME
SEARCH
SELECT
STARTTLS
STATUS
SUBSCRIBE
UNKNOWN_COMMAND
UNSUBSCRIBE

RTSP Method Qualifiers

RTSP method qualifiers can be added to custom signatures that use RTSP-related contexts to limit a match condition to specific RTSP methods.
ANNOUNCES
DESCRIBE
GET_PARAMETER
OPTIONS
PAUSE
PLAY
RECORD
REDIRECT
SET_PARAMETER
SETUP
SETUP_PARAMETER
TEAR_DOWN
UNKNOWN_METHOD

SMTP Method Qualifiers

SMTP method qualifiers can be added to custom signatures that use SMTP-related contexts to limit a match condition to specific SMTP methods.
AUTH
BDAT
DATA
EHLO
HELO
MAIL
QUIT
RCPT
RSET
SAML
SEND
SOML
STARTTLS
UNKNOWN_CMD
USER
VRFY
XEXCH50
XEXPS
XLINK2STATE
XTELLMAIL

Recommended For You