Cisco Cisco Firepower Management Center 4000

EZBoard.cgi

ezman.cgi

ezadmin.cgi

EZAdmin.cgi

This example would not match:

ezez.cgi

fez.cgi

abcezboard.cgi

ezboardman.cgi

This example searches packet payload for 

mail

, followed by either 

file

 or 

seek

, in URI data.

This example would match:

mailfile.cgi

mailseek.cgi

This example would not match:

MailFile.cgi

mailfilefile.cgi

This example searches packet payload for URI content for a tab or newline character in an HTTP 
request, after any number of characters. This example uses 

m?regex?

 to avoid using 

http\:\/\/

 in 

the expression. Note that the colon is preceded by a backslash.

This example would match:

http://www.example.com?scriptvar=x&othervar=\n\..\..

http://www.example.com?scriptvar=\t

This example would not match:

ftp://ftp.example.com?scriptvar=&othervar=\n\..\..

http://www.example.com?scriptvar=|/bin/sh -i|

This example searches packet payload for a URL with any number of characters, including newlines, 
followed by an equal sign, and pipe characters that contain any number of characters or white space. 
This example uses 

m?regex?

 to avoid using 

http\:\/\/

 in the expression.

This example would match:

http://www.example.com?value=|/bin/sh/ -i|

http://www.example.com?input=|cat /etc/passwd|

This example would not match:

ftp://ftp.example.com?value=|/bin/sh/ -i|

http://www.example.com?value=x&input?|cat /etc/passwd|

This example searches packet payload for any MAC address. Note that it escapes the colon 
characters with backslashes.

Protection