P
P
Product Manual - 2.X
v2.20
Search…
⌃K

Custom Signature

For creating custom matching conditions
This feature is being replaced with Tag Rules, which are more flexible and have more capabilities. For now, Custom Signatures are still being supported. However, it is recommended that you do not create any new Custom Signatures, as they will be deprecated in the future.

Overview

Custom signatures are custom matching conditions that you can use in ACL Policies to evaluate client requests.
These allow the administrator to "catch" traffic based on any parameter in the request or the response. They can be used in a number of situations. Some examples:
  1. 1.
    "Virtual patching": Identifying an incoming exploit attempt for a newly-discovered vulnerability in the upstream network.
  2. 2.
    Identifying logged-in admin users, so that their requests can be Bypassed.
  3. 3.
    Identifying specific patterns of traffic that are suspected to be malicious, so they can be blocked.
  4. 4.
    Identifying specific types of requests (e.g., XMLHttpRequest), so they can be blocked from specific sections of a website.

Custom Signature Management

Signatures that have already been defined are listed in the left column, while you can edit and create new ones on the right. Once a Signature has been created, it will be available in the New Rule section within the ACL Policies tab.
Admins can create new Custom Signatures, as discussed below. Admins can also edit the Signatures that are included out of the box in a new deployment.
Some Custom Signatures are provided and maintained by Reblaze, and are read-only. These are designated by the Reblaze icon
.
Out of the box, Reblaze's Custom Signatures are named with a prefix of CS. This naming convention is recommended when creating/editing new Signatures, but it is not mandatory.
There are several Reblaze-maintained Custom Signatures which are templates (designated by the prefix CST). If you do not wish to see them on this page, they can be hidden by selecting the Hide Templates checkbox on the upper right. These templates are used by the Create New Site wizard, and can also be assigned to ACL Policies.

Custom Signature Administration

To create a Custom Signature, click the Create New button toward the top of the screen, and then choose Custom Signature. Or select an existing one and choose Duplicate, then edit the newly-created copy.
To clone a Custom Signature, select the Duplicate option.
Custom Signatures give you tremendous power and flexibility for evaluating your traffic. They are composed of one or more matching conditions, which can be combined using Boolean AND/OR operators.
When you first create a Signature, one condition appears for editing. If you wish to create more than one, click on the Append Condition button at the bottom. This will add another condition for editing.
You can continue for as many conditions as you want. The conditions will be evaluated according to the Boolean operator specified by the Condition Type selector.

Custom Signature components

Each matching condition combines the entries in Either one of the following fields and Is matching with.

Possible entries for Either one of the following fields:

Field Name
Description
Args
Arguments in the request’s header
Arg Names
Argument names in the request’s header
Autonomous System Number (ASN)
The ASN for a specific entity
Country Name / City
Geolocation
Host Name
Destination Hostname
Query String
Regex value inside the query string
Referer
Referer / Via values
Remote Address
Client Address in the request
Request Cookies
Cookie in the request’s header
Request Cookies Names
Cookie names in the request’s header
Request Filename
The GET request resource
Request Headers
Specific headers inside the requests
Request Headers Names
Scan the request for specific header values
Request Method
An HTTP method: PUT, POST, GET, etc.
Request Protocol
HTTP / HTTPS
Request URI
The URI of the resource being requested
User Agent
The User-Agent of the requestor

Entries in Is matching with

This text box accepts strings or PCRE (Perl Compatible Regular Expressions).
An explanation and some examples are here: Pattern Matching Syntax.