Link11 WAAP
v2.16
v2.16
  • Link11 WAAP v2.16 Portal
  • Introduction
  • Getting Started
  • Setup Checklists
  • Marketplace onboarding
  • Console UI Walkthrough
    • General UI flow
    • Traffic
      • Traffic Concepts
      • Dashboard
      • View Log
    • Security
      • Security Section Concepts
      • Dynamic Rules
      • Quarantined
      • Profiles
        • Profile Concepts
        • Profiles
        • ACL Policies
        • WAF/IPS Policies
        • Custom Signature
      • Args Analysis
      • Tag Rules
      • Rate Limiting
      • Cloud Functions
    • Settings
      • Web Proxy
      • Backend Services
      • Error Pages
      • SSL
      • DNS
      • Planet Overview
      • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Using the Reblaze Query Box
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Ban, Unban, and Whitelist Traffic Sources
      • Bypass Rate Limits for Loadtesting
      • Control Caching Behavior
      • Filter by Content
      • Quickly Block an Attacker
      • Secure Traffic from a Third-Party Page
      • Set Rate Limits and Exemptions
      • Set up SIEM/SOC integration
      • Video Tutorials
        • DNS Training
    • API
      • Reblaze REST API
      • Mobile SDK
  • Reference Information
    • Access log-structure
    • Acronyms
    • Deployment Terminology
    • Hostile Bot Detection / RCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Pattern Matching Syntax
    • Signatures
    • Tags
    • TTL Expression Syntax
  • Support
Powered by GitBook
On this page
  • Possible entries for Either one of the following fields:
  • Entries in Is matching with
  • Creating custom signatures

Was this helpful?

Export as PDF
  1. Console UI Walkthrough
  2. Security
  3. Profiles

Custom Signature

For creating custom matching conditions

PreviousWAF/IPS PoliciesNextArgs Analysis

Last updated 3 years ago

Was this helpful?

Starting with version 2.14, this feature is being replaced with , which is more flexible and has more capabilities. For now, Custom Signatures are still being supported. However, it is recommended that you do not create any new Custom Signatures, as they will be deprecated in the future.

Custom signatures are custom matching conditions that you can use in Rules and Policies to evaluate client requests.

These allow the administrator to "catch" traffic based on any parameter in the request or the response. They can be used in a number of situations. Some examples:

  1. "Virtual patching": Identifying an incoming exploit attempt for a newly-discovered vulnerability in the upstream network.

  2. Identifying logged-in admin users, so that their requests can be Bypassed.

  3. Identifying specific patterns of traffic that are suspected to be malicious, so they can be blocked.

  4. Identifying specific types of requests (e.g., XMLHttpRequest), so they can be blocked from specific sections of a website.

Custom Signatures give you tremendous power and flexibility for evaluating your traffic. They are composed of one or more matching conditions, which can be combined using Boolean AND/OR operators.

Each matching condition combines the entries in Either one of the following fields and Is matching with.

Possible entries for Either one of the following fields:

Field Name

Description

Args

Arguments in the request’s header

Arg Names

Argument names in the request’s header

Autonomous System Number (ASN)

The ASN for a specific entity

Country Name / City

Geolocation

Host Name

Destination Hostname

Query String

Regex value inside the query string

Referer

Referer / Via values

Remote Address

Client Address in the request

Request Cookies

Cookie in the request’s header

Request Cookies Names

Cookie names in the request’s header

Request Filename

The GET request resource

Request Headers

Specific headers inside the requests

Request Headers Names

Scan the request for specific header values

Request Method

An HTTP method: PUT, POST, GET, etc.

Request Protocol

HTTP / HTTPS

Request URI

The URI of the resource being requested

User Agent

The User-Agent of the requestor

Entries in Is matching with

This text box accepts strings or PCRE (Perl Compatible Regular Expressions).

Creating custom signatures

When you first create a Signature, one condition appears for editing. If you wish to create more than one, click on the Append Condition button at the bottom. This will add another condition for editing.

You can continue for as many conditions as you want. The conditions will be evaluated according to the Boolean operator specified by the Condition Type selector.

Signatures that have already been defined are listed in the left column, while you can edit and create new ones on the right. Once a Signature has been created, it will be available in the section within the tab.

An explanation and some examples are here: .

Pattern Matching Syntax
Session Profiling
ACL Policies
New Rule