Add context qualifiers with custom signatures to limit
match conditions and reduce false positives.
Qualifiers lessen the chance of false positives by restricting
the locations where the firewall can find a given pattern. In other
words, a signature matches only when the firewall detects the pattern
inside a specific qualifier, which corresponds to a specific context.
For example, you might use the http-method qualifier to specify
that a http-req-uri-path pattern matters when found inside a HTTP
GET method.
FTP Command Qualifiers
FTP Vendor ID Qualifiers
HTTP Header Field
Qualifiers
HTTP Method Qualifiers
IMAP Command Qualifiers
RTSP Method Qualifiers
SMTP Method Qualifiers
FTP
Command Qualifiers
FTP command qualifiers can be added
to custom signatures that use FTP-related contexts to limit a match
condition to specific FTP commands.
ABOR
ACCT
ALLO
APPE
AUTH
CDUP
CWD
DELE
EHLO
ERPT
HELO
LIST
MDTM
MKD
MODE
NLIST
OPTS
PASS
PASV
PBSZ
PORT
PWD
QUIT
REIN
REST
RETR
RMD
RNFR
RNTO
SITE
SIZE
SMNT
STAT
STOR
STOU
STRU
SYST
TEST
TYPE
UNKNOWN-COMMAND
UNLOCK
USER
XCRC
XMD5
XSHA1
FTP
Vendor ID Qualifiers
FTP vendor ID qualifiers can be added
to custom signatures that use FTP-related contexts to limit a match
condition to specific FTP clients.
CEASERFTP
EASY_FILE_SHARING_FTP
FILE_COPA_FTP
FREEFTPD
MICROSOFTFTP
NETTERM
PROFTPD
SERV_U
UNKNOWN_FTP_SERVER
VSFTPD
WARFTPD
WS_FTP
WUFTP
HTTP
Header Field Qualifiers
HTTP header field qualifiers can
be added to custom signatures that use HTTP-related contexts to
limit a match condition to HTTP headers that have specific values
for select header fields.
ACCEPT_LANGUAGE
AUTHORIZATION
CONTENT_ENCODING
CONTENT_LENGTH
CONTENT_TYPE
HOST
IF_MOD_SINCE
SUBSCRIBE_HDR
TRANSFER_ENCODING
UNKNOWN_HDR
X_FORWARD_FOR
HTTP
Method Qualifiers
HTTP method qualifiers can be added
to custom signatures that use HTTP-related contexts to limit a match
condition to HTTP headers that use specific HTTP methods.
BCOPY
BDELETE
BITS_POST
BMOVE
BPROPFIND
BROPPATCH
CCM_POST
CONNECT
COPY
DELETE
GET
HEAD
LINK
LOCK
MCKCOL
MOVE
NOTIFY
OPTIONS
POLL
POST
PROPFIND
PROPPATCH
PROXY_SUCCESS
PUT
RPC_CONNECT
SEARCH
SMS_POST
SOURCE
SUBSCRIBE
TRACE
TRACK
UNKNOWN_METHOD
UNLINK
UNLOCK
UNSUBSCRIBE
IMAP
Command Qualifiers
IMAP command qualifiers can be added
to custom signatures that use IMAP-related contexts to limit a match
condition to specific IMAP commands.
APPEND
AUTHENTICATE
CAPABILITY
CHECK
CLOSE
COPY
CREATE
DELETE
EXAMINE
EXPUNGE
FETCH
FIND
IDLE
LIST
LOGIN
LSUB
NOOP
RENAME
SEARCH
SELECT
STARTTLS
STATUS
SUBSCRIBE
UNKNOWN_COMMAND
UNSUBSCRIBE
RTSP
Method Qualifiers
RTSP method qualifiers can be added
to custom signatures that use RTSP-related contexts to limit a match
condition to specific RTSP methods.
ANNOUNCES
DESCRIBE
GET_PARAMETER
OPTIONS
PAUSE
PLAY
RECORD
REDIRECT
SET_PARAMETER
SETUP
SETUP_PARAMETER
TEAR_DOWN
UNKNOWN_METHOD
SMTP
Method Qualifiers
SMTP method qualifiers can be added
to custom signatures that use SMTP-related contexts to limit a match
condition to specific SMTP methods.
