context (Application Identification)

Syntax

Hierarchy Level

[edit services application-identification application application-name over protocol-type signature name member name ]

Release Information

Statement introduced in Junos OS Release 15.1X49-D40.

Description

Specify context for matching application running over TCP, UDP, or Layer 7.

Application identification supports custom application signatures to detect applications as they pass through the device. You can create custom application signatures for applications based on ICMP, IP protocol, IP address, and Layer 7. While configuring custom application signatures, you must specify context values that the device can use to match patterns in the application traffic.

Options

context—Specify the context type. For example, Following options are available in application signature package version 3284.

ftp-content-type—Content type of the transferred file.

ftp-file-name—Filename being transferred.

ftp-greeting-message—First line of the server banner.

ftp-load-way—File transfer way—upload or download.

ftp-method—FTP command sent.

ftp-return-content—Message of server's response.

http-filename—The name of the file being fetched or posted. Extracted if content-disposition field has a filename.

http-get-url-parsed-param-parsed—The decoded, normalized GET URL in an HTTP request along with the decoded CGI parameters (if any).

http-header-content-type —Content-type header in an HTTP transaction.

http-header-cookie—Cookie header in an HTTP transaction.

http-header-host —Host header in an HTTP transaction.

http-header-user-agent—User-agent header in an HTTP transaction.

http-post-url-parsed-param-parsed —Decoded, normalized POST URL in an HTTP request along with the decoded CGI parameters (if any).

http-post-variable-parsed—Decoded POST URL or form data variables.

http-url-parsed—Decoded, normalized URL in an HTTP request.

http-url-parsed-param-parsed—Decoded, normalized URL in an HTTP request along with the decoded CGI parameters (if any).

imap-attach-filename—Name of the file attached.

imap-attach-transfer-encoding—Encoding of the attached content.

imap-attach-type—Content type of the sent attached file

imap-auth-type—Used authentication type.

imap-content-language—Language of the message content.

imap-content-transfer-encoding—The encoding of the content

imap-content-type—Content type of the transferred file.

imap-greeting-message—Greeting message of the server

imap-method—Command sent by the client.

imap-mime-version—Version of the message body format standard used in the mail protocol.

imap-received-by-name—Receiving host name.

imap-received-from-name—Sending host name.

smtp-attach-filename—Attachment file name.

smtp-attach-transfer-encoding—Encoding of the attached content.

smtp-attach-type—Content type of the sent attached file.

smtp-content-language—Language of the message content.

smtp-content-transfer-encoding—Encoding of the content

smtp-content-type—Content type of transferred file

smtp-greeting-message—Greeting message of the server

smtp-method—Command sent by the client.

smtp-mime-version—Version of the message body format standard.

smtp-received-by-name—Name of the receiving host.

smtp-received-from-name—Name of the sending host.

smtp-server—The SMTP server name

ssl-common-name—Domain name in the certificate.

ssl-issuer—Certificate Authority.

ssl-organization-name—Organisation name in the certificate.

ssl-protocol-version—SSL/TLS protocol version chosen by the server.

ssl-server-name—Server name in TLS server name extension or SSL server certificate.

ssl-version—SSL major version in the handshake.

ssl-server-name —Server name in the TLS server name extension or the SSL server certificate. This is also known as Server Name Indication (SNI).

stream —TCP or UDP stream data.

Examples of context types with direction. When configuring custom application signatures, the context-direction combinations as mentioned in Table 1 is supported. Any other combination other than this is not supported.

Table 1: Supported Context-Direction Combination for Custom Application Signatures

Context	Direction
http-get-url-parsed-param-parsed	client-to-server
http-header-host	client-to-server
http-header-user-agent	client-to-server
http-post-url-parsed-param-parsed	client-to-server
http-post-variable-parsed	client-to-server
http-url-parsed	client-to-server
http-url-parsed-param-parsed	client-to-server
ssl-server-name	client-to-server
stream	any/client-to-server/server-to-client
http-header-content-type	any/client-to-server/server-to-client
http-header-cookie	any/client-to-server/server-to-client

Note

If you are planning to upgrade the device to Junos OS release 15.1X49-D60 from the previous versions of the Junos OS, you must change the configuration to the valid combination of context-direction as mentioned in Table 1 to avoid any commit failure and possible disabling of the secondary node.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.