condition value (user-defined signature rule view)
Function
The condition value command configures the IPS third-generation engine syntax check item for a user-defined signature.
The undo condition value command deletes the preceding configuration.
This function is supported only by the AC6508 and AC6507S.
Parameters
Parameter | Description | Value |
---|---|---|
text | Specifies the IPS third-generation engine syntax check item of a user-defined signature. | The value is a string. For details, see IPS third-generation engine syntax rule. |
Usage Guidelines
Application Scenario
User-defined signature check items configured using the condition value command use the IPS third-generation engine syntax. This syntax greatly improves processing efficiency while maintaining the detection accuracy of the existing syntax. It is also compatible with common signature rules in the industry for better openness.
Precautions
Each user-defined signature contains a maximum of four rules. Each rule can be configured with only one check item. When a packet matches the check item in a rule, the rule is matched. In addition, multiple rules do not affect each other. As long as a packet matches at least one rule in a signature, the packet matches the signature, regardless of the sequence.
Example
# In the user-defined signature rule named hello, configure the check item for the user-defined signature rule.
<AC6605> system-view
[AC6605] ips signature-id 1
[AC6605-ips-signature-1] rule name hello
[AC6605-ips-signature-1-rule-hello] condition value content: "javascript"; pcre: "/alert\(.*\)/";
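The matching behavior described under Precautions can be tried offline against sample payloads before a check item is configured. The following Python model is an added example, not Huawei code and not the device's engine. It assumes that all options inside one check item must match (as in common industry rule syntax), that content is a case-sensitive substring test, and that Python's re module stands in for pcre; the rule named second and the payloads are constructed.

```python
import re

MAX_RULES = 4  # from the page: at most four rules per signature
# One option of a check item, e.g.  content: "javascript";
OPTION_RE = re.compile(r'\s*(\w+)\s*:\s*"((?:[^"\\]|\\.)*)"\s*;\s*')

def parse_check_item(text):
    """Split a check item string into (keyword, value) pairs."""
    options, pos = [], 0
    while pos < len(text):
        m = OPTION_RE.match(text, pos)
        if not m:
            raise ValueError(f"unparsable check item at offset {pos}")
        options.append((m.group(1), m.group(2)))
        pos = m.end()
    if not options:
        raise ValueError("empty check item")
    return options

def option_matches(keyword, value, payload):
    if keyword == "content":      # assumption: case-sensitive substring
        return value in payload
    if keyword == "pcre":         # assumption: /regex/flags, flags ignored
        end = value.rfind("/")
        if not value.startswith("/") or end == 0:
            raise ValueError(f"pcre value must look like /regex/: {value!r}")
        return re.search(value[1:end], payload) is not None
    raise ValueError(f"keyword not covered by this model: {keyword}")

def rule_matches(check_item, payload):
    # Assumption: all options of one check item must match (AND).
    return all(option_matches(k, v, payload)
               for k, v in parse_check_item(check_item))

def matched_rules(signature, payload):
    """Names of the rules that match; the signature matches if any does."""
    if len(signature) > MAX_RULES:
        raise ValueError("a signature holds at most four rules")
    return [name for name, item in signature.items()
            if rule_matches(item, payload)]

# Rule "hello" is the page's example; "second" is a constructed rule.
SIGNATURE = {
    "hello": r'content: "javascript"; pcre: "/alert\(.*\)/";',
    "second": r'content: "vbscript";',
}
# Constructed payloads.
SAMPLES = [
    '<a href="javascript:alert(1)">x</a>',
    'Content-Type: text/javascript',
    'vbscript:msgbox',
]

if __name__ == "__main__":
    for payload in SAMPLES:
        print(matched_rules(SIGNATURE, payload), payload)
```

The second sample shows the false-negative side of combining options: a payload containing javascript but no alert(...) call does not match rule hello under the AND assumption.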