What L7 signature options are there?
Some Layer 7 signatures have additional options that allow you to define application objects based on specific parts of that L7layer 7, the application layer of the OSI Signature. When configuring new application object, the L7 signatures followed by '--->' in the drop-down list have additional options. Most provide options that you simply select from. Some require a selection plus additional information. The following table explains the various options that require more than simply picking an option.
NOTE
Citrix-based sub-types are no longer supported.
| Layer 7 Signature | Sub-Type | Description | ||||
|---|---|---|---|---|---|---|
| (direct download link) | host | Allows you to define an Application Object based on the 'host' field in the HTTP header. | ||||
| flash | host | Allows you to define an Application Object based on the 'host' field in the HTTP header (where flash is running over http). | ||||
| http | content_type | Allows you to define an Application Object based on the 'content-type' field in the HTTP header. | ||||
| file | Allows you to define an Application Object based on the filename requested in the HTTP URL. | |||||
| host | Allows you to define an Application Object based on the 'host' field in the HTTP header. | |||||
| method | Allows you to define an Application Object based on the HTTP method (e.g. GET PUT HEAD DELETE). | |||||
| user_agent | Allows you to define an Application Object based on the 'user-agent' field in the HTTP header. | |||||
| advanced |
Define custom criteria with the following syntax:
|
|||||
| Description | Syntax | Example | ||||
| equals |
<keyword> = <value> |
host = "example.com" |
||||
| does not equal |
<keyword> != <value> |
host != "example.com" |
||||
| contains substring |
<keyword> =% <value> |
host =% "example.com" |
||||
| does not contain substring |
<keyword> !% <value> |
host !% "example.com" |
||||
| Right side is a regular expression and it matches the full left side |
<keyword> =~ <value> |
host =~ "example.*" |
||||
| Right side is a regular expression and it does not match the full left side |
<keyword> !~ <value> |
host !~ "example.*" |
||||
Examples:
|
||||||
| mpeg | host | Allows you to define an Application Object based on the 'host' field in the HTTP header (where mpeg is running over http). | ||||
| quicktime | host | Allows you to define an Application Object based on the 'host' field in the HTTP header (where quicktime is running over http). | ||||
| silverlight | host | Allows you to define an Application Object based on the 'host' field in the HTTP header (where silverlight is running over http). | ||||
| ssl | common_name | Allows you to define an Application Object based on the 'common name' field in the SSL certificate. | ||||
| advanced |
Define custom criteria with the following syntax:
|
|||||
| Description | Syntax | Example | ||||
| equals |
<keyword> = <value> |
common_name = "John" |
||||
| does not equal |
<keyword> != <value> |
common_name != "John" |
||||
| contains substring |
<keyword> =% <value> |
common_name =% "John" |
||||
| does not contain substring |
<keyword> !% <value> |
common_name !% "John" |
||||
| Right side is a regular expression and it matches the full left side |
<keyword> =~ <value> |
common_name =~ "John*" |
||||
| Right side is a regular expression and it does not match the full left side |
<keyword> !~ <value> |
common_name !~ "John*" | ||||
|
||||||
| organization_name | Allows you to define an Application Object based on the 'organization' name field in the SSL certificate. | |||||
| spdy | This field should remain empty as any values typed here are ignored. | |||||
| rtp | codec | Allows you to define an Application Object based on the 'codec' used in a RTP stream. | ||||
| windowsmedia | host | Allows you to define an Application Object based on the 'host' field in the HTTP header (where windowsmedia is running over http). | ||||