Focus
Focus
Table of Contents

Context Qualifiers

Add context qualifiers with custom signatures to limit match conditions and reduce false positives.
Qualifiers lessen the chance of false positives by restricting the locations where the firewall can find a given pattern. In other words, a signature matches only when the firewall detects the pattern inside a specific qualifier, which corresponds to a specific context. For example, you might use the http-method qualifier to specify that a http-req-uri-path pattern matters when found inside a HTTP GET method.

FTP Command Qualifiers

FTP command qualifiers can be added to custom signatures that use FTP-related contexts to limit a match condition to specific FTP commands.
ABORACCTALLOAPPEAUTHCDUPCWD
DELEEHLOERPTHELOLISTMDTMMKD
MODENLISTOPTSPASSPASVPBSZPORT
PWDQUITREINRESTRETRRMDRNFR
RNTOSITESIZESMNTSTATSTORSTOU
STRUSYSTTESTTYPEUNKNOWN-COMMANDUNLOCKUSER
XCRCXMD5XSHA1

FTP Vendor ID Qualifiers

FTP vendor ID qualifiers can be added to custom signatures that use FTP-related contexts to limit a match condition to specific FTP clients.
CEASERFTPEASY_FILE_SHARING_FTPFILE_COPA_FTPFREEFTPDMICROSOFTFTPNETTERM
PROFTPDSERV_UUNKNOWN_FTP_SERVERVSFTPDWARFTPDWS_FTP
WUFTP

HTTP Header Field Qualifiers

HTTP header field qualifiers can be added to custom signatures that use HTTP-related contexts to limit a match condition to HTTP headers that have specific values for select header fields.
ACCEPT_LANGUAGEAUTHORIZATIONCONTENT_ENCODINGCONTENT_LENGTHCONTENT_TYPEHOST
IF_MOD_SINCESUBSCRIBE_HDRTRANSFER_ENCODINGUNKNOWN_HDRX_FORWARD_FOR

HTTP Method Qualifiers

HTTP method qualifiers can be added to custom signatures that use HTTP-related contexts to limit a match condition to HTTP headers that use specific HTTP methods.
BCOPYBDELETEBITS_POSTBMOVEBPROPFINDBROPPATCHCCM_POST
CONNECTCOPYDELETEGETHEADLINKLOCK
MCKCOLMOVENOTIFYOPTIONSPOLLPOSTPROPFIND
PROPPATCHPROXY_SUCCESSPUTRPC_CONNECTSEARCHSMS_POSTSOURCE
SUBSCRIBETRACETRACKUNKNOWN_METHODUNLINKUNLOCKUNSUBSCRIBE

IMAP Command Qualifiers

IMAP command qualifiers can be added to custom signatures that use IMAP-related contexts to limit a match condition to specific IMAP commands.
APPENDAUTHENTICATECAPABILITYCHECKCLOSECOPYCREATE
DELETEEXAMINEEXPUNGEFETCHFINDIDLELIST
LOGINLSUBNOOPRENAMESEARCHSELECTSTARTTLS
STATUSSUBSCRIBEUNKNOWN_COMMANDUNSUBSCRIBE

RTSP Method Qualifiers

RTSP method qualifiers can be added to custom signatures that use RTSP-related contexts to limit a match condition to specific RTSP methods.
ANNOUNCESDESCRIBEGET_PARAMETEROPTIONSPAUSE
PLAYRECORDREDIRECTSET_PARAMETERSETUP
SETUP_PARAMETERTEAR_DOWNUNKNOWN_METHOD

SMTP Method Qualifiers

SMTP method qualifiers can be added to custom signatures that use SMTP-related contexts to limit a match condition to specific SMTP methods.
AUTHBDATDATAEHLOHELOMAILQUIT
RCPTRSETSAMLSENDSOMLSTARTTLSUNKNOWN_CMD
USERVRFYXEXCH50XEXPSXLINK2STATEXTELLMAIL