For Cisco FirePOWER Appliance 7115
Sourcefire 3D System User Guide, Version 5.3
Chapter 30: Understanding and Writing Intrusion Rules
Understanding Keywords and Arguments in Rules
Example PCRE Keyword Values
LICENSE: Protection
The following examples show values that you could enter for pcre, with descriptions of what each example would match.
• /feedback[(\d{0,1})]?\.cgi/U
  This example searches packet payload for feedback, followed by zero or one numeric character, followed by .cgi, and located only in URI data.
  This example would match:
    • feedback.cgi
    • feedback1.cgi
    • feedback2.cgi
    • feedback3.cgi
  This example would not match:
    • feedbacka.cgi
    • feedback11.cgi
    • feedback21.cgi
    • feedbackzb.cgi
• /^ez(\w{3,5})\.cgi/iU
  This example searches packet payload for ez at the beginning of a string, followed by a word of 3 to 5 letters, followed by .cgi. The search is case-insensitive and only searches URI data.
  This example would match:
    • EZBoard.cgi
    • ezman.cgi
    • ezadmin.cgi
    • EZAdmin.cgi
  This example would not match:
    • ezez.cgi
    • fez.cgi
    • abcezboard.cgi
    • ezboardman.cgi
• /mail(file|seek)\.cgi/U
  This example searches packet payload for mail, followed by either file or seek, in URI data.
  This example would match:
    • mailfile.cgi
    • mailseek.cgi
  This example would not match:
    • MailFile.cgi
    • mailfilefile.cgi
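The three values above can be checked against the guide's own match and no-match lists, and against a few extra inputs that show how wide each pattern is. The following Python is an added example, not part of the Sourcefire guide or product: it uses Python's re module in place of PCRE (the two behave the same for these three patterns) and models the U modifier as a choice between a URI string and a payload string. The function names and the CONSTRUCTED inputs are assumptions made for illustration.

```python
import re
# Patterns and URI lists copied from the guide: value -> (match, no match).
GUIDE = {
    r"/feedback[(\d{0,1})]?\.cgi/U": (
        ["feedback.cgi", "feedback1.cgi", "feedback2.cgi", "feedback3.cgi"],
        ["feedbacka.cgi", "feedback11.cgi", "feedback21.cgi", "feedbackzb.cgi"]),
    r"/^ez(\w{3,5})\.cgi/iU": (
        ["EZBoard.cgi", "ezman.cgi", "ezadmin.cgi", "EZAdmin.cgi"],
        ["ezez.cgi", "fez.cgi", "abcezboard.cgi", "ezboardman.cgi"]),
    r"/mail(file|seek)\.cgi/U": (
        ["mailfile.cgi", "mailseek.cgi"], ["MailFile.cgi", "mailfilefile.cgi"]),
}

def parse_pcre_value(value):
    """Split '/regex/modifiers' into (compiled regex, uri_only)."""
    if not value.startswith("/") or value.rfind("/") == 0:
        raise ValueError("expected /regex/modifiers")
    body, modifiers = value[1:].rsplit("/", 1)
    flags, uri_only = 0, False
    for mod in modifiers:
        if mod == "i":
            flags |= re.IGNORECASE   # case-insensitive search
        elif mod == "U":
            uri_only = True          # selects URI data; not a regex flag
        else:
            raise ValueError(f"modifier {mod!r} is not handled in this example")
    return re.compile(body, flags), uri_only

def pcre_matches(value, uri, payload=""):
    """Search the URI when U is set, otherwise the payload (simplified model)."""
    regex, uri_only = parse_pcre_value(value)
    return regex.search(uri if uri_only else payload) is not None

def guide_disagreements():
    """Return (value, uri, expected) for each listed URI that behaves differently."""
    bad = []
    for value, (hits, misses) in GUIDE.items():
        bad += [(value, u, True) for u in hits if not pcre_matches(value, u)]
        bad += [(value, u, False) for u in misses if pcre_matches(value, u)]
    return bad

# Constructed inputs, not from the guide, that each pattern also accepts.
CONSTRUCTED = [
    (r"/feedback[(\d{0,1})]?\.cgi/U", "feedback{.cgi"),     # class also holds ( ) { } ,
    (r"/^ez(\w{3,5})\.cgi/iU", "ez_42.cgi"),                # \w covers digits and _
    (r"/mail(file|seek)\.cgi/U", "/cgi-bin/mailseek.cgi"),  # search is unanchored
]
if __name__ == "__main__":
    print(guide_disagreements(), [pcre_matches(v, u) for v, u in CONSTRUCTED])
```

The constructed inputs are the kind of near-miss strings worth testing before deploying a rule, since each one matches even though the prose description would suggest otherwise.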