The regular expressions entered in this section guard against the
possibility of a message attribute containing malicious content. The
Enter Threatening Content Regular Expression table
lists the Black list of regular expressions that
are run against all message attributes.
For example, to guard against a SQL DELETE attack, you can
write a regular expression to identify SQL syntax and add it to this list.
The Threatening Content Regular Expressions are listed
in a table. All of these expressions are run against
all message attributes configured in the Regular
Expression table above. If the expression matches any
attribute values, the filter fails.
Important Note:
If any regular expressions are configured in the
Message Attribute Regular Expressions section, these expressions are run
before the Threatening Content Regular Expressions (TCRE)
are run. For example, if you have already configured a regular expression to
extract the Base64-decoded attribute value, the TCRE is run against this value
instead of the attribute value stored in the message.
You can add threatening content regular expressions using the Add
button. You can edit or remove existing expressions by selecting them in the
drop-down list, and clicking the Edit or Delete
button.
You can enter the regular expressions manually or select them from the global
Black list library of threatening content regular expressions.
This library is pre-populated with regular expressions that scan for common attack
signatures. These include expressions to guard against common SQL injection-style
attacks (for example, SQL INSERT, SQL DELETE, and so on),
buffer overflow attacks (content longer than 1024 characters), and the presence of
control characters in attribute values (ASCII control characters).
Enter or select an appropriate regular expression to scan all message attributes
for threatening content. You can add a regular expression to the library by selecting
the Add/Edit button. Enter a Name for the expression
followed by the Regular Expression.
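
The evaluation order described above, sketched in Python as an added example (not the product's own code): extraction runs first, then every blacklist expression runs against every attribute, and any match fails the filter. The four patterns, the attribute names and the `b64_decoded` extractor are constructed assumptions, not the library's shipped expressions.

```python
import base64
import re

# Constructed blacklist entries, one per category the page names.
# These patterns are assumptions, not the library's shipped expressions.
THREAT_PATTERNS = {
    "SQL DELETE": re.compile(r"(?is)\bdelete\b.+\bfrom\b"),
    "SQL INSERT": re.compile(r"(?is)\binsert\b.+\binto\b"),
    "Content longer than 1024 characters": re.compile(r"(?s).{1025,}"),
    # Tab, LF and CR are deliberately allowed here (an assumption).
    "ASCII control characters": re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]"),
}


def b64_decoded(value):
    """Hypothetical extraction step: yield the Base64-decoded attribute value."""
    return base64.b64decode(value).decode("utf-8", "replace")


def evaluate(attributes, extractors=None):
    """Run extraction first, then every blacklist pattern on every attribute.

    Returns a list of (attribute, pattern name) hits; the filter fails
    if the list is non-empty.
    """
    extractors = extractors or {}
    hits = []
    for attr, raw in attributes.items():
        value = extractors[attr](raw) if attr in extractors else raw
        for name, rx in THREAT_PATTERNS.items():
            if rx.search(value):
                hits.append((attr, name))
    return hits


# Constructed sample message attributes.
ENCODED = base64.b64encode(b"DELETE FROM orders WHERE id = 1").decode("ascii")
SAMPLE = {
    "order.id": "42",
    "order.note": "1; DELETE FROM users",
    "order.name": "abc\x07",
    "order.blob": "A" * 1025,
    "order.payload": ENCODED,
}

if __name__ == "__main__":
    print("without extraction:", evaluate(SAMPLE))
    print("with extraction:   ", evaluate(SAMPLE, {"order.payload": b64_decoded}))
```

Without an extraction step configured for `order.payload`, the blacklist sees only the encoded string and reports nothing for that attribute, which is why the ordering in the Important Note matters.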