Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
353
Views
0
Helpful
2
Replies

Regex for Custom Signatures

deloso-dni
Level 4
Level 4

‎04-28-2006 07:20 AM - edited ‎03-10-2019 01:59 AM

Hi,

Can anyone explain the difference between [/\\][Aa][Nn][Dd] and [Aa][Nn][Dd]

Thanks.

Labels:
0 Helpful
2 Replies 2

Fernando_Meza
Level 7
Level 7

‎04-29-2006 09:29 PM

hi [/\\][Aa][Nn][Dd] means matching \\AND or \\and or any other possible combination . This sort of syntax is used for creating customized HTTP signatures which look at the URI for matches.

[Aa][Nn][Dd] means matching AND or and or any other possible combination. This can be used for creating customised signatures that look only for matching characters or words within the inspected traffic.

I hope it helps .. please rate it if it does !!

0 Helpful

jlimbo
Level 1
Level 1

‎05-01-2006 07:27 PM

In short the difference of the first regular expression from the second is if you see ascii character / or \ match. The second regular expression simply matches [Aa][Nn][Dd].

To give you a bit more detail, the [] is a character class which means that with each character within the class an OR is in place. So [Bb] means match B OR b. [/\\] is the same as a hex 0x2f which is ascii / and 0x5c means \. In this case you will notice that there are two 0x5c characters. This is to escape the character since it is a meta character.

Here is a link that may help you further:http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/cliintro.htm#wp1031526

I hope that helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card