Match Object Type Reference

Application Category List

Allows specification of application categories, such as Multimedia., P2P, or Social Networking

Allows specification of individual applications within the application category that you select

Application Categories – select the category from a pull-down list of application categories

Application List

Application Signature List

Application Categories – see above;

Application – select the specific application from the pull-down list

Allows specification of individual signatures for the application and category that you select

Allows specification of allowed and forbidden domains for Content Filtering

Application Categories – see above;

Application – see above;

Application Signature – select the specific signature from the pull-down list

CFS Allow/Forbidden List

Allows selection of one or more Content Filtering categories

CFS Category List

A list of 64 categories is provided to choose from

Custom Object

Allows specification of an IPS-style custom set of conditions.

Exact

There are 4 additional, optional parameters that can be set: Offset (describes from what byte in packet payload we should start matching the pattern – starts with 1; helps minimize false positives in matching), Depth (describes at what byte in the packet payload we should stop matching the pattern – starts with 1), Payload Size – Minimum and Maximum size of data in a packet.

Email Body

Any content in the body of an email.

Partial

Any content in the CC MIME Header.

Email CC (MIME Header)

Any content in the From MIME Header.

Email From (MIME Header)

Allows specification of the maximum email size that can be sent.

Email Size

Email Subject (MIME Header)

Email Size – the number of bytes in the email

Any content in the Subject MIME Header.

Any content in the To MIME Header.

Email To (MIME Header)

Allows for creation of MIME custom headers.

MIME Custom Header

A Custom header name needs to be specified.

File Content

Allows specification of a pattern to match in the content of a file. The pattern will be matched even if the file is compressed.

Partial

‘Disable attachment’ action should never be applied to this object.

Filename

In cases of email, this is an attachment name. In cases of HTTP, this is a filename of an uploaded attachment to the Web mail account. In cases of FTP, this is a filename of an uploaded or downloaded file.

In cases of email, this is an attachment filename extension. In cases of HTTP, this is a filename extension of an uploaded attachment to the Web mail account. In cases of FTP, this is a filename extension of an uploaded or downloaded file.

Filename Extension

Allows selection of specific FTP commands.

Allows selection of specific FTP commands and specification of their values.

Command – the FTP command, such as ABORT, DELETE, GET, PASSWORD, RESTART, QUIT, SIZE. Type HELP for the complete list of commands.

FTP Command + Value

Allows specification of a Cookie sent by a browser.

Command (see above);

Argument – a value you type in, such as the filename to GET/PUT or the directory name used with MKDIR

HTTP Cookie Header

HTTP Host Header

Content found inside of the HTTP Host header. Represents hostname of the destination server in the HTTP request, such as www.google.com.

Allows specification of content of a Referrer header sent by a browser – this can be useful to control or keep stats of which Web sites redirected a user to customer’s Web site.

HTTP Referrer Header

HTTP Request Custom Header

Allows handling of custom HTTP Request headers.

HTTP Response Custom Header

Custom Header Name – Specify a custom header name.

Allows handling of custom HTTP Response headers.

Set-Cookie headers. Provides a way to disallow certain cookies to be set in a browser.

Custom Header Name – Specify a custom header name.

HTTP Set Cookie

Any content found inside of the URI in the HTTP request.

HTTP URI Content

Any HTTP URL that needs to be matched.

HTTP URL

Partial, Regex, Exact, Prefix, Suffix

Any content inside of a User-Agent header. For example: User-Agent: Skype.

HTTP User-Agent

Any content inside of a MIME header.

MIME Custom Header

Allows selection of specific Web browsers (MSIE, Netscape, Firefox, Safari, Chrome).

Custom Header Name – Specify the MIME header name to match.

Web Browser

IPS Signature Category List

Browser – Specify the browser type; choose from MSIE, Netscape, Firefox, Safari, Chrome

Allows selection of one or more IPS signature groups. Each group contains multiple pre-defined IPS signatures.

Allows selection of one or more specific IPS signatures for enhanced granularity.

IDP Categories – choose from the a pull-down list of IPS attack categories, including ACTIVEX, EXPLOIT, JAVA, LDAP, MEDIA-PLAYERS, SQL-INJECTION, WEB-ATTACKS, and others

IPS Signature List