ESR series service routers.ESR-Series. User manual
•
•
Step Description Command Keys
24 Set HTTP protocol keywords for which
the rule will trigger (optional).
Applicable only for protocol http value.
esr(config-ips-category-rule)# ip
http { accept | accept-enc |
accept-lang | client-body |
connection | content-type | cookie |
file-data | header | header-names |
host | method | protocol |
referer | request-line | response-
line | server-body | start |
start-code | start-msg | uri | user-
agent }
See the Suricata 4.X
documentation for the meaning
of the keywords.
https://
suricata.readthedocs.io/en/
suricata-4.1.4/rules/http-
keywords.html
25 Set HTTP protocol URI LEN keyword
value for which the rule will trigger0
(optional).
Applicable only for protocol http value.
esr(config-ips-category-rule)# ip
http urilen <LEN>
<LEN> – takes values in the
range of [0.. 65535].
esr(config-ips-category-rule)# ip
http urilen comparison-operator
{ greater-than | less-than }
Comparison operator for ip http
urilen value:
greater-than – greater
than..
less-than – less than..
26 Set the value of the content of
packages (Payload content) for which
the rule will trigger (optional).
esr(config-ips-category-rule)#
payload content <CONTENT>
<CONTENT> – text message
specified by a string of up to
1024 characters.
27 Do not distinguish between uppercase
and lowercase letters in the description
of package contents (optional).
Only applicable in conjunction with the
payload content command.
esr(config-ips-category-rule)#
payload no-case
28 Set how many bytes from the beginning
of the contents of the packet will be
checked (optional).
Only applicable in conjunction with the
payload content command.
esr(config-ips-category-rule)#
payload depth <DEPTH>
<DEPTH> – the number of
bytes from the beginning of the
packet contents, takes a value
in the range [1 .. 65535].
By default, the entire contents
of the package are checked.
29 Set the number of offset bytes from the
beginning of the contents of the packet
to check (optional).
Only applicable in conjunction with the
payload content command.
esr(config-ips-category-rule)#
payload offset <OFFSET>
<OFFSET> – the number of
offset bytes from the beginning
of the packet contents, takes a
value in the range [1 .. 65535].
By default, it is checked from
the beginning of the content.
30 Set the size of the contents of packets
for which the rule will trigger (optional).
esr(config-ips-category-rule)#
payload data-size <SIZE>
<SIZE> – packet content size,
takes values in the range of [0..
65535].
To Next Page
Loading...