Documente Academic
Documente Profesional
Documente Cultură
Contents
How String Matching works with Pattern Sets and Data Sets..............................
11
13
A pattern set is an array of indexed patterns used for string matching during default
syntax policy evaluation. Example of a pattern set: imagetypes {svg, bmp, png, gif, tiff,
jpg}.
In many cases, you can use either pattern sets or data sets. However, in cases where you
want specific matches for numerical data or IPv4 and IPv6 addresses, you must use data
sets.
Note: Pattern sets and data sets can be used only in default syntax policies.
To use pattern sets or data sets, first create the pattern set or data set and bind patterns
to it. Then, when you configure a policy for comparing a string in a packet, use an
appropriate operator and pass the name of the pattern set or data set as an argument.
How String Matching works with Pattern Sets and Data Sets
When a compound expression includes hundreds of sub expressions, the above process is
resource intensive. A better alternative is an expression that invokes a pattern set, as
shown in the following figure.
During policy evaluation as shown above, the operator (CONTAINS_ANY) compares the string
identified in the request with the patterns defined in the pattern set until a match is found.
With the Sample_Patset expression, the multiple iterations through six sub expressions
are reduced to just one.
By eliminating the need to configure compound expressions that perform string matching
with multiple OR operations, pattern sets or data sets simplify configuration and accelerate
processing of requests and responses.
You cannot bind the same index value to more than one pattern.
An automatically assigned index value is one number larger than the highest index value
of the existing patterns within the pattern set. For example, if the highest index value
of existing patterns in a pattern set is 104, the next automatically assigned index value
will be 105.
If you do not specify an index for the first pattern, index value 1 is automatically
assigned to that pattern.
Index values are not regenerated automatically if one or more patterns are deleted or
modified. For example, if the set contains five patterns, with indexes from 1 through 5,
and if the pattern with an index of 3 is deleted, the other index values in the pattern
set are not automatically regenerated to produce values from 1 through 4.
The maximum index value that can be assigned to a pattern is 4294967290. If that value
is already assigned to a pattern in the set, you must manually assign index values to any
newly added patterns. An unused index value that is lower than a currently used value
cannot be assigned automatically.
Treat back slash as escape characterSelect this check box to specify that any
backslash characters that you might include in the pattern are to be treated as
escape characters.
6. Repeat steps 4 and 5 to add additional patterns, and then click Create.
10
11
Operator
Description
<text>.CONTAINS_ANY(<name>)
<text>.SUBSTR_ANY(<name>)
<text>.BEFORE_STR_ANY(<name>)
<text>.AFTER_STR_ANY(<name>)
<text>.EQUALS_ANY (<name>)
<text>.ENDSWITH_ANY(<name>)
<text>.STARTSWITH_ANY(<name>)
<text>.ENDSWITH_INDEX(<name>)
<text>.CONTAINS_INDEX(<name>)
12
Sample Usage
To understand the usage of pattern sets in expressions, consider the example of a pattern
set named "imagetypes."
Table 1. Pattern set "imagetypes"
Patterns
Index value
svg
bmp
png
gif
tiff
jpg
6
Example 1: Determine whether the suffix of an HTTP request is one of the file extensions
defined in the "imagetypes" pattern set.
Expression. HTTP.REQ.URL.SUFFIX.EQUALS_ANY("imagetypes")
Result. TRUE
Example 2: Determine whether the suffix of an HTTP request is one of the file extensions
defined in the "imagetypes" pattern set, and return the index of that pattern.
Expression. HTTP.REQ.URL.SUFFIX.EQUALS_INDEX("imagetypes")
Example 3: Use the index value of a pattern to determine whether the URL suffix is within
a specified index-value range.
Example 4: Implement one set of policies for file extensions bmp, jpg, and png, and a
different set of policies for gif, tiff, and svg files.
An expression that returns the index of a matched pattern can be used to define traffic
subsets for a web application. The following two expressions could be used in content
switching policies for a content switching virtual server:
13
Sample Usage
14
HTTP.REQ.URL.SUFFIX.EQUALS_INDEX("imagetypes").LE(3)
HTTP.REQ.URL.SUFFIX.EQUALS_INDEX("imagetypes").GE(4)