User-Defined Attack Signatures - Rule Section Operators?

Question

Are there Operators like OR,AND,.... for a User-Define Attack Signatures - Rule Section when writing a Rule? Not iRule&nbsp;

nathe · Answer

And definitely, you can list the consituent parts of an attack sig e.g. headercontent:"curl"; nocase; valuecontent:"curl"; norm; would check for curl in the header fields AND curl in a parameter, the attack sig would trigger if both existed.
As for OR - i think you have to use regex for this in the signature (re2 or pcre).
Hope this helps,
N

Forum Discussion

User-Defined Attack Signatures - Rule Section Operators?

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

2. SYN Cookie: Operation

Security Operations Center - Helpers Behind the Scenes

Insights of F5 Distributed Cloud WAAP Events Export, New Operators and Trends features

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Understanding GTM Wide IP Operations