32-36
FireSIGHT System User Guide

Chapter 32      Understanding and Writing Intrusion Rules
  Understanding Keywords and Arguments in Rules
Table 32-20    Snort-Specific Post Regular Expression Modifiers (continued)

Option    Description

K         When the HTTP Inspect preprocessor Inspect HTTP Cookies option is enabled, searches for the raw content within any cookie in an HTTP request header, and also within any set-cookie in an HTTP response header when the preprocessor Inspect HTTP Responses option is enabled. When Inspect HTTP Cookies is not enabled, searches the entire header, including the cookie or set-cookie data.
          Note the following:
            • Cookies included in the message body are treated as body content.
            • You cannot use this option in combination with the content keyword HTTP Raw Cookie option to search the same content. See the content keyword HTTP Raw Cookie option for more information.
            • The Cookie: and Set-Cookie: header names, leading spaces on the header line, and the CRLF that terminates the header line are inspected as part of the header and not as part of the cookie.

S         Searches the 3-digit status code in an HTTP response. See the content keyword HTTP Status Code option for more information.

Y         Searches the textual description that accompanies the status code in an HTTP response. See the content keyword HTTP Status Message option for more information.

Note
Do not use the U option in combination with the R option. This could cause performance problems. Also, do not use the U option in combination with any other HTTP content option (I, P, H, D, M, C, K, S, or Y).

Example PCRE Keyword Values
License: Protection
The following examples show values that you could enter for pcre, with descriptions of what each example would match.

  • /feedback[(\d{0,1})]?\.cgi/U
    This example searches packet payload for feedback, followed by zero or one numeric character, followed by .cgi, and located only in URI data.
    This example would match:
      • feedback.cgi
      • feedback1.cgi
      • feedback2.cgi
      • feedback3.cgi
    This example would not match:
      • feedbacka.cgi
      • feedback11.cgi
      • feedback21.cgi
      • feedbackzb.cgi

  • /^ez(\w{3,5})\.cgi/iU
    This example searches packet payload for ez at the beginning of a string, followed by a word of 3 to 5 letters, followed by .cgi. The search is case-insensitive and only searches URI data.
    This example would match:
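To check match lists like the ones above before a rule goes into a policy, here is an added Python harness (example code, not Cisco's or Snort's own) that splits a pcre value of the form /pattern/flags into the PCRE flags Python understands and the Snort-specific buffer modifiers from Table 32-20, enforces the Note about combining U with R or other HTTP content options, and runs the pattern against the buffer the modifier selects. It models only the U, K, S and Y modifiers shown on this page, and the HttpBuffers class and its field names are assumptions of this example, not HTTP Inspect internals.

```python
import re
from dataclasses import dataclass

# PCRE flags Python understands, and the Snort-specific buffer modifiers from
# Table 32-20 that this harness models (assumption: only U, K, S and Y are handled).
PCRE_FLAGS = {"i": re.IGNORECASE, "s": re.DOTALL, "m": re.MULTILINE, "x": re.VERBOSE}
BUFFER_MODIFIERS = {"U": "uri", "K": "cookie", "S": "status_code", "Y": "status_msg"}
OTHER_HTTP_OPTIONS = set("IPHDMC")  # the Note lists these as incompatible with U

@dataclass
class HttpBuffers:
    """Constructed stand-in for the buffers HTTP Inspect exposes to pcre (hypothetical)."""
    payload: str = ""
    uri: str = ""
    cookie: str = ""
    status_code: str = ""
    status_msg: str = ""

def parse_pcre_keyword(value):
    """Split a Snort pcre value '/pattern/flags' into (compiled regex, buffer name)."""
    m = re.fullmatch(r"/(.*)/([A-Za-z]*)", value, re.DOTALL)
    if not m:
        raise ValueError("pcre value must look like /pattern/flags: " + value)
    pattern, flags = m.groups()
    py_flags, buffers = 0, []
    for ch in flags:
        if ch in PCRE_FLAGS:
            py_flags |= PCRE_FLAGS[ch]
        elif ch in BUFFER_MODIFIERS:
            buffers.append(BUFFER_MODIFIERS[ch])
        elif ch == "R" or ch in OTHER_HTTP_OPTIONS:
            # Enforce the Note: U must not be paired with R or another HTTP content option.
            if "U" in flags:
                raise ValueError("U cannot be combined with " + ch)
            raise ValueError("modifier not modelled by this harness: " + ch)
        else:
            raise ValueError("unknown pcre modifier: " + ch)
    if "uri" in buffers and len(buffers) > 1:
        raise ValueError("U cannot be combined with K, S or Y")
    # With no buffer modifier the pattern is applied to the raw packet payload.
    return re.compile(pattern, py_flags), (buffers[0] if buffers else "payload")

def pcre_matches(value, http):
    """True if the rule's pcre value matches the buffer it selects."""
    regex, buf = parse_pcre_keyword(value)
    return regex.search(getattr(http, buf)) is not None
```

Feeding the URIs listed above through pcre_matches with the first example value reproduces the match and no-match lists, and a payload-only request does not match because U restricts the search to URI data.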