    Example: Using the Within Bytes or Within Packets Constraint with Signature Attack Objects

    With signature attack objects, you can use within bytes or within packets constraints to optimize inspection processing when you know the complete attack pattern occurs either within a specified range of bytes or packets or not at all. Inspection for this object terminates when the range limit is reached.

    For example, if you know a pattern is a threat only if it occurs within the first 20 bytes of the http-variable context, set the context to http-variable and use the within bytes constraint to inspect bytes 1-20 of the generated http-variable context.

    You can set multiple constraints. The constraints are evaluated as a Boolean OR. For example, suppose you configure two start-of-stream constraints with byte ranges of 20-40 and 80-100. The signature matches only if the pattern is found within bytes 20-40 or within bytes 80-100 from the start of the stream.
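The following Python sketch is an added illustration, not vendor code or configuration syntax. It models the behavior described above: inspection stops at the highest range limit, and a match counts if it satisfies any one of the configured ranges. The function name `match_within_bytes`, the 1-based inclusive offsets, and the rule that the whole pattern must lie inside a single range are assumptions made for the model.

```python
def match_within_bytes(context: bytes, pattern: bytes, ranges):
    """Model of a within-bytes constraint (assumed semantics, see lead-in).

    ranges: list of (first, last) byte offsets, 1-based and inclusive.
    Returns the (first, last) offsets of the first qualifying match,
    or None when no complete match falls inside any range.
    """
    if not pattern:
        raise ValueError("pattern must not be empty")
    if not ranges:
        raise ValueError("at least one range is required")
    for lo, hi in ranges:
        if lo < 1 or hi < lo:
            raise ValueError(f"invalid range {lo}-{hi}")

    # Inspection terminates at the range limit: bytes past the highest
    # upper bound are never examined.
    limit = max(hi for _, hi in ranges)
    window = context[:limit]

    idx = window.find(pattern)
    while idx != -1:
        first_byte = idx + 1             # convert to 1-based offset
        last_byte = idx + len(pattern)   # inclusive end offset
        # Multiple constraints are evaluated as a Boolean OR.
        if any(lo <= first_byte and last_byte <= hi for lo, hi in ranges):
            return (first_byte, last_byte)
        idx = window.find(pattern, idx + 1)  # also try overlapping hits
    return None


if __name__ == "__main__":
    pat = b"PATTERN"  # constructed placeholder, not a real signature
    # Constructed sample contexts: filler bytes around the placeholder.
    early = b"x" * 4 + pat + b"x" * 50      # pattern occupies bytes 5-11
    straddle = b"x" * 16 + pat + b"x" * 50  # pattern occupies bytes 17-23
    late = b"x" * 84 + pat + b"x" * 20      # pattern occupies bytes 85-91

    print(match_within_bytes(early, pat, [(1, 20)]))
    print(match_within_bytes(straddle, pat, [(1, 20)]))
    print(match_within_bytes(late, pat, [(20, 40), (80, 100)]))
```

In this model, a pattern that begins inside the range but ends after the limit does not match, because the complete pattern is not within the range.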

     
     

    Published: 2011-02-08