f5_sample.txt

apm apm-avr-config apm-avr-config { }
apm epsec epsec-package epsec-1.0.0-679.0.iso {
    checksum SHA1:73635840:359c8fbc9de65fbb4ea48075071b4b7abd8f0b47
    create-time 2018-08-10:15:53:36
    last-update-time 2018-03-28:22:11:42
    mode 33188
    oesis-version 4.2.1439.0
    revision 1
    size 73635840
    updated-by root
    version 1.0.0-679.0
}
apm report default-report {
    report-name sessionReports/sessionSummary
    user admin
}
asm policy RHWeb_Base_ASM_Policy {
    active
    encoding utf-8
}
asm policy wordpress_template {
    encoding utf-8
}
asm predefined-policy POLICY_TEMPLATE_ACTIVESYNC_V1_0_V2_0_HTTP { }
asm predefined-policy POLICY_TEMPLATE_ACTIVESYNC_V1_0_V2_0_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_LOTUSDOMINO_6_5_HTTP { }
asm predefined-policy POLICY_TEMPLATE_LOTUSDOMINO_6_5_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_ORACLE_10G_PORTAL_HTTP { }
asm predefined-policy POLICY_TEMPLATE_ORACLE_10G_PORTAL_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_ORACLE_APPLICATIONS_11I_HTTP { }
asm predefined-policy POLICY_TEMPLATE_ORACLE_APPLICATIONS_11I_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_WITH_ACTIVESYNC_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_WITH_ACTIVESYNC_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_WITH_ACTIVESYNC_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_WITH_ACTIVESYNC_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2010_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2010_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_PEOPLESOFT_PORTAL_9_HTTP { }
asm predefined-policy POLICY_TEMPLATE_PEOPLESOFT_PORTAL_9_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_RAPID_DEPLOYMENT { }
asm predefined-policy POLICY_TEMPLATE_SAP_NETWEAVER_7_HTTP { }
asm predefined-policy POLICY_TEMPLATE_SAP_NETWEAVER_7_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2003_HTTP { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2003_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2007_HTTP { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2007_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2010_HTTP { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2010_HTTPS { }
auth ldap system-auth {
    bind-dn "CN=MASKed, CN=Users, DC=us, DC=mask, DC=com"
    bind-pw $M$W5$UkmQNu0F38ezLTSpfCSB6w==
    check-roles-group enabled
    login-attribute samaccountname
    search-base-dn "DC=us, DC=mask, DC=com"
    servers { xx.0.0.1 }
}
auth password-policy { }
auth remote-role {
    role-info {
        F5-Administrator {
            attribute memberOf=CN=F5-MASKed,CN=Users,DC=us,DC=mask,DC=com
            console tmsh
            line-order 1000
            role administrator
            user-partition All
        }
        F5-Guest {
            attribute memberOf=CN=F5-MASKed-too,CN=Users,DC=us,DC=mask,DC=com
            line-order 1001
            role auditor
            user-partition All
        }
    }
}
auth remote-user { }
auth source {
    type active-directory
}
auth user admin {
    description "Admin User"
    encrypted-password $xxxxxMASKXXX.
    partition Common
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell none
}
cli global-settings { }
cli preference {
    alias-path { /Common }
    prompt { host user status current-folder config-sync-status }
}
cm cert dtca-bundle.crt {
    certificate-key-size 2048
    checksum SHA1:3426:21860a1ff2615bf634815779b23071c04dce1223
    create-time 2018-06-21:15:16:45
    created-by root
    expiration-date 1844968605
    expiration-string "Jun 18 19:16:45 2028 GMT"
    issuer CN=da5aa61f-52fb-4a48-8d3f0023e94bdc12
    key-type rsa-public
    last-update-time 2018-08-10:15:53:53
    mode 33188
    revision 4
    serial-number 496846
    size 3426
    subject CN=da5aa61f-52fb-4a48-8d3f0023e94bdc12
    updated-by %devmgmtd
    version 3
}
cm cert dtca.crt {
    certificate-key-size 2048
    checksum SHA1:1326:13ea2fc8ef3be7e3768cb112a5cf41bd59da049c
    create-time 2018-06-21:15:16:45
    created-by root
    expiration-date 1844968605
    expiration-string "Jun 18 19:16:45 2028 GMT"
    issuer CN=da5aa61f-52fb-4a48-8d3f0023e94bdc12
    key-type rsa-public
    last-update-time 2018-06-21:15:16:45
    mode 33188
    revision 3
    serial-number 496846
    size 1326
    subject CN=da5aa61f-52fb-4a48-8d3f0023e94bdc12
    updated-by root
    version 3
}
cm cert dtdi.crt {
    certificate-key-size 2048
    checksum SHA1:1322:5f491fab1941fac7f8b50ed58c8cd5390e0dd64f
    create-time 2018-08-03:15:23:53
    created-by root
    expiration-date 1848684233
    expiration-string "Jul 31 19:23:53 2028 GMT"
    issuer CN=da5aa61f-52fb-4a48-8d3f0023e94bdc12
    key-type rsa-public
    last-update-time 2018-08-03:15:23:53
    mode 33188
    revision 5
    serial-number 112002
    size 1322
    subject CN=xx-rhwebdev1.us.mask.com
    updated-by root
    version 3
}
cm device xx-rhwebdev1.us.mask.com {
    active-modules { "ASM, Unlimited, VIPRION|LNKNSTP-CCQHFRH" "Best Bundle, C2200 / C2400 Platforms|OGCXKCC-KJDWXRX|SDN Services|Acceleration Manager, C2400|DNS (Unlimited), VIPRION|APM, Base, C2400|AFM, C2400|ASM, Unlimited, VIPRION|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Network Access|Secure Virtual Keyboard|APM, Web Application|Machine Certificate Checks|Protected Workspace|Compression, Unlimited|Remote Desktop|App Tunnel|GTM Licensed Objects, Unlimited|DNS Rate Fallback, Unlimited|DNS Licensed Objects, Unlimited|GTM Rate Fallback, (UNLIMITED)|DNS Rate Limit, Unlimited QPS|GTM Rate, Unlimited|SSL, Unlimited, C2400/C4400/C4480|CGN, VIPRION, AFM ONLY|Routing Bundle|PSM|Acceleration Manager, Ltd to Full Upgrade" "GTM|IBQBYMQ-QBUEQYD|STP|GTM, DNS LB|GTM Licensed Objects, Unlimited|DNS Rate Fallback, Unlimited|DNS Licensed Objects, Unlimited|GTM Rate Fallback, (UNLIMITED)|DNS Rate Limit, Unlimited QPS|GTM Rate, Unlimited" "LTM, Base, C2400|DFEKXAY-UQWVMGS|IPV6 Gateway|Rate Shaping|Ram Cache|50 MBPS COMPRESSION|APM, Limited, Viprion|SSL, 500 TPS Per Core|Cluster Multi-Processing|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Network Access|Secure Virtual Keyboard|APM, Web Application|Machine Certificate Checks|Protected Workspace|Compression, Unlimited|Remote Desktop|App Tunnel|SSL, Unlimited, C2400/C4400/C4480|CGN, VIPRION, AFM ONLY|Routing Bundle|PSM|DNS Rate Fallback, Unlimited|DNS Licensed Objects, Unlimited|DNS Rate Limit, Unlimited QPS|Acceleration Manager, Ltd to Full Upgrade|SSL, C2200/C2400|AAM, Core" "VCMP Enabled, C2400|QICMGYG-QWVRHRT" }
    base-mac 00:23:e9:4b:db:49
    build 0.0.3
    cert dtdi.crt
    chassis-id chs403255s
    chassis-type viprion
    contact ITSecurity@maskmask.com
    description "Web Development  F5"
    edition "Point Release 6"
    failover-state active
    hostname xx-rhwebdev1.us.mask.com
    key dtdi.key
    location "New York, NY"
    management-ip xx.xx.xx.1
    marketing-name "BIG-IP vCMP Guest"
    optional-modules { "Acceleration Manager, C2400" "ADC, Security Bundle, C2400" "Advanced Protocols" "AFM, C2400" "APM, Base, C2400" "APM, Max Access Sessions, C2400" "APM, Max CCU, C2400" "App Mode (TMSH Only, No Root/Bash)" "ASM, Bundle, VIPRION" "ASM, PSM to ASM Upgrade" "Better Bundle, C2200 / C2400 Platforms" "Better to Best Bundle, C2200 / C2400 Platforms" "BPEM, C2X00" "CGN, Viprion" "Client Authentication" "Compression, Unlimited" "Concurrent Users" "DNS (Unlimited), VIPRION" "DNS and GTM (1K QPS), VIPRION" "DNS Services, VPR" DNSSEC "Dynamic Policy Provisioning, C2X00" "External Interface and Network HSM" "FIPS 140-2 Compliant Mode, C2X00" "FIX Low Latency" "IP Intelligence, 1Yr, C2400" "IP Intelligence, 3Yr, C2200" "IP Intelligence, 3Yr, C2400" "MSM, Unlimited Mailboxes" "PEM URL Filtering, 1Yr, C2400" "PEM URL Filtering, 3Yr, C2400" "PEM, C2400" "PEM, Quota Management, C2X00" "Performance Extreme, VPR" "PSM, Base" "Routing Bundle" "SDN Services" "Secure Web Gateway, 1Yr, C2200/C2400" "Secure Web Gateway, 1Yr, C2X00, 60K URL Sessions" "Secure Web Gateway, 3Yr, C2200/C2400" "Secure Web Gateway, 3Yr, C2X00, 60K URL Sessions" "SSL, Forward Proxy" "SSL, Unlimited, C2400/C4400/C4480" "Subscriber Discovery, C2X00" "Traffic Classification, C2X00" "URL Filtering, 1Yr, C2200/C2400" "URL Filtering, 1Yr, C2X00, 60K URL Sessions" "URL Filtering, 3Yr, C2200/C2400" "URL Filtering, 3Yr, C2X00, 60K URL Sessions" "VIPRION, Multicast Routing" "WBA, Bundle, C2400" }
    platform-id Z101
    product BIG-IP
    self-device true
    time-limited-modules { "IP Intelligence, 1Yr, C2200|DBZUASV-ODCEMUR|20151007|20181020|SUBSCRIPTION" }
    time-zone America/New_York
    version 12.1.3.6
}
cm device-group datasync-device-xx-rhwebdev1.us.mask.com-dg {
    auto-sync enabled
    devices {
        xx-rhwebdev1.us.mask.com { }
    }
    full-load-on-sync true
    network-failover disabled
}
cm device-group datasync-global-dg {
    devices {
        xx-rhwebdev1.us.mask.com { }
    }
    full-load-on-sync true
    network-failover disabled
}
cm device-group device-group-failover {
    description "HA Group for Application Failover"
    devices {
        xx-rhwebdev1.us.mask.com { }
    }
    network-failover disabled
    type sync-failover
}
cm device-group device_trust_group {
    auto-sync enabled
    devices {
        xx-rhwebdev1.us.mask.com { }
    }
    network-failover disabled
}
cm device-group gtm {
    devices {
        xx-rhwebdev1.us.mask.com { }
    }
    network-failover disabled
}
cm key dtca.key {
    checksum SHA1:1704:663f6f8370f5ed8e7b017c223b515ea1c49b5da9
    create-time 2018-06-21:15:16:45
    created-by root
    key-size 2048
    last-update-time 2018-06-21:15:16:45
    mode 33184
    revision 3
    size 1704
    updated-by root
}
cm key dtdi.key {
    checksum SHA1:1704:291e6c53084e4a18c7d8221785497d562c82c911
    create-time 2018-08-03:15:23:53
    created-by root
    key-size 2048
    last-update-time 2018-08-03:15:23:53
    mode 33184
    revision 5
    size 1704
    updated-by root
}
cm traffic-group traffic-group-1 {
    unit-id 1
}
cm traffic-group traffic-group-local-only {
    is-floating false
}
cm trust-domain Root {
    ca-cert dtca.crt
    ca-cert-bundle dtca-bundle.crt
    ca-devices { /Common/xx-rhwebdev1.us.mask.com }
    ca-key dtca.key
    status standalone
    trust-group device_trust_group
}
ltm classification signature-definition { }
ltm classification signature-update-schedule { }
ltm classification signature-version { }
ltm default-node-monitor {
    rule none
}
ltm dns analytics global-settings { }
ltm dns cache global-settings { }
ltm global-settings connection { }
ltm global-settings general { }
ltm global-settings traffic-control { }
ltm node masksyslog-new {
    address xx.104.82.130
}
ltm node sam-1 {
    address xx.xx.224.50
}
ltm node sam-2 {
    address xx.xx.224.51
}
ltm node wmsyslog {
    address xx.104.82.171
}
ltm persistence global-settings { }
ltm policy asm_auto_l7_policy__virt-svr-sam1 {
    controls { asm }
    last-modified 2018-08-08:18:26:55
    requires { http }
    rules {
        default {
            actions {
                1 {
                    asm
                    enable
                    policy /Common/RHWeb_Base_ASM_Policy
                }
            }
            ordinal 1
        }
    }
    status published
    strategy first-match
}
ltm pool prsyslog-dos {
    members {
        masksyslog-new:5445 {
            address xx.104.82.130
        }
    }
}
ltm pool sam-pool-1 {
    members {
        sam-1:http {
            address xx.xx.224.50
            session monitor-enabled
            state down
        }
        sam-2:http {
            address xx.xx.224.51
            session monitor-enabled
            state down
        }
    }
    monitor tcp
}
ltm pool sam-pool-3 {
    members {
        sam-1:https {
            address xx.xx.224.50
        }
        sam-2:https {
            address xx.xx.224.51
        }
    }
}
ltm pool splunk-logs {
    description "Splunk Logs"
    members {
        wmsyslog:514 {
            address xx.104.82.171
            session monitor-enabled
            state up
        }
    }
    monitor udp
}
ltm pool splunk-logs-tcp {
    members {
        wmsyslog:514 {
            address xx.104.82.171
            session monitor-enabled
            state up
        }
    }
    monitor tcp
}
ltm profile client-ssl wildcard.dev.maskmask.com-clientssl {
    app-service none
    cert wildcard.dev.maskmask.com-clientssl.crt
    cert-key-chain {
        wildcard_wildcard {
            cert wildcard.dev.maskmask.com-clientssl.crt
            chain wildcard.dev.maskmask.com-clientssl.crt
            key wildcard.dev.maskmask.com-clientssl.key
        }
    }
    chain wildcard.dev.maskmask.com-clientssl.crt
    defaults-from clientssl
    destination-ip-blacklist none
    destination-ip-whitelist none
    hostname-blacklist none
    hostname-whitelist none
    inherit-certkeychain false
    key wildcard.dev.maskmask.com-clientssl.key
    passphrase none
    source-ip-blacklist none
    source-ip-whitelist none
}
ltm profile http http-x-forwarded-for {
    app-service none
    defaults-from http
    enforcement {
        unknown-method allow
    }
    insert-xforwarded-for enabled
    proxy-type reverse
}
ltm profile server-ssl serverssl-insecure-compatible {
    app-service none
    ciphers !SSLv2:!EXPORT:!DH:RSA+RC4:RSA+AES:RSA+DES:RSA+3DES:ECDHE+AES:ECDHE+3DES:@SPEED
    defaults-from serverssl
    options { dont-insert-empty-fragments no-sslv3 }
    renegotiation disabled
    secure-renegotiation request
}
ltm rule niq-security-block {
    when HTTP_REQUEST {
    if {
        ([string tolower [HTTP::path]] contains "pom.xml") ||
        ([string tolower [HTTP::path]] contains "server-info") ||
        ([string tolower [HTTP::path]] contains "server-status") ||
        ([string tolower [HTTP::path]] contains ".git") ||
        ([string tolower [HTTP::path]] contains ".gitignore") ||
        ([string tolower [HTTP::path]] contains "test.php")

    } then {
        HTTP::respond 404 content "404 File Not Found" Mime-Type "text/html"
    }
}
}
ltm snat-translation xx.171.221.250 {
    address xx.171.221.250
    inherited-traffic-group true
    traffic-group traffic-group-1
}
ltm snatpool Default-Web-Sevrer-SNAT-Pool {
    members {
        xx.171.221.250
    }
}
ltm tacdb licenseddb licensed-tacdb {
    partition none
}
ltm virtual Outbound_FTP {
    description "Allowed Outbound FTP based AFM. sam li"
    destination 0.0.0.0:ftp
    fw-enforced-policy Outbound_FTP
    ip-protocol tcp
    mask any
    pool sam-pool-3
    profiles {
        tcp { }
    }
    security-log-profiles {
        splunk-logging
    }
    source 0.0.0.0/0
    source-address-translation {
        pool Default-Web-Sevrer-SNAT-Pool
        type snat
    }
    translate-address enabled
    translate-port enabled
    vs-index 2
}
ltm virtual virt-svr-sam1 {
    description "test only"
    destination xx.xx.220.50:http
    ip-protocol tcp
    mask 255.255.255.255
    policies {
        asm_auto_l7_policy__virt-svr-sam1 { }
    }
    pool sam-pool-1
    profiles {
        ASM_RHWeb_Base_ASM_Policy { }
        http-x-forwarded-for { }
        tcp { }
        websecurity { }
    }
    source 0.0.0.0/0
    translate-address enabled
    translate-port enabled
    vlans {
        dev_int_vlan703
    }
    vlans-enabled
    vs-index 3
}
ltm virtual virt-svr-sam3 {
    description "sam li test"
    destination xx.xx.220.50:https
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http-x-forwarded-for { }
        serverssl-insecure-compatible {
            context serverside
        }
        tcp { }
        wildcard.dev.maskmask.com-clientssl {
            context clientside
        }
    }
    rules {
        niq-security-block
    }
    security-log-profiles {
        splunk-logging
    }
    source 0.0.0.0/0
    translate-address enabled
    translate-port enabled
    vlans {
        Vlan422-WebSrvr-xx.xx.222.x
        dev_int_vlan703
    }
    vlans-enabled
    vs-index 4
}
net cos global-settings { }
net dag-globals { }
net fdb tunnel http-tunnel { }
net fdb tunnel socks-tunnel { }
net fdb vlan Ha_55 { }
net fdb vlan VLAN200-Public-xx.171.1.x { }
net fdb vlan VLAN420-WebSvcs-xx.xx.220.x { }
net fdb vlan VLAN424-WebSrvr-xx.xx.224.x { }
net fdb vlan VLAN426-AppSvcs-xx.xx.226.x { }
net fdb vlan VLAN428-XdmzSvcs-xx.xx.228.x { }
net fdb vlan VLAN430-XdmzSrvr-xx.xx.230.x { }
net fdb vlan VLAN437-XappSrvr-xx.xx.237.x { }
net fdb vlan VLAN702-Internal-xx.201.4.x { }
net fdb vlan Vlan422-WebSrvr-xx.xx.222.x { }
net fdb vlan dev_int_vlan703 { }
net interface 2/mgmt {
    if-index 34
    mac-address 00:23:e9:4b:db:49
    media-active 100TX-FD
}
net ipsec ike-daemon ikedaemon {
    log-publisher default-ipsec-log-publisher
}
net lldp-globals { }
net multicast-globals { }
net packet-filter-trusted { }
net route-domain 0 {
    id 0
    vlans {
        http-tunnel
        socks-tunnel
        Ha_55
        VLAN420-WebSvcs-xx.xx.220.x
        VLAN424-WebSrvr-xx.xx.224.x
        VLAN426-AppSvcs-xx.xx.226.x
        VLAN428-XdmzSvcs-xx.xx.228.x
        VLAN430-XdmzSrvr-xx.xx.230.x
        VLAN437-XappSrvr-xx.xx.237.x
        VLAN702-Internal-xx.201.4.x
        Vlan422-WebSrvr-xx.xx.222.x
        dev_int_vlan703
    }
}
net self-allow {
    defaults {
        igmp:any
        ospf:any
        pim:any
        tcp:domain
        tcp:f5-iquery
        tcp:https
        tcp:snmp
        tcp:ssh
        udp:520
        udp:cap
        udp:domain
        udp:f5-iquery
        udp:snmp
    }
}
net stp-globals { }
net trunk Main-cross-switch-trunk {
    cfg-mbr-count 2
    distribution-hash src-dst-mac
    interfaces {
        1/1.1
        2/1.1
    }
    mac-address 00:23:e9:4b:dd:21
    stp disabled
    type ha-only
    working-mbr-count 1
}
net trunk external-trunk {
    cfg-mbr-count 2
    distribution-hash src-dst-mac
    interfaces {
        1/1.5
        2/1.5
    }
    mac-address 00:23:e9:4b:dd:22
    stp disabled
    type ha-only
    working-mbr-count 1
}
net tunnels tunnel http-tunnel {
    description "Tunnel for http-explicit profile"
    if-index 64
    profile tcp-forward
}
net tunnels tunnel socks-tunnel {
    description "Tunnel for socks profile"
    if-index 80
    profile tcp-forward
}
net vlan Ha_55 {
    if-index 96
    tag 55
}
net vlan VLAN200-Public-xx.171.1.x {
    if-index 112
    tag 200
}
net vlan VLAN420-WebSvcs-xx.xx.220.x {
    if-index 128
    tag 420
}
net vlan VLAN424-WebSrvr-xx.xx.224.x {
    if-index 144
    tag 424
}
net vlan VLAN426-AppSvcs-xx.xx.226.x {
    if-index 160
    tag 426
}
net vlan VLAN428-XdmzSvcs-xx.xx.228.x {
    if-index 176
    tag 428
}
net vlan VLAN430-XdmzSrvr-xx.xx.230.x {
    if-index 192
    tag 4094
}
net vlan VLAN437-XappSrvr-xx.xx.237.x {
    if-index 208
    tag 437
}
net vlan VLAN702-Internal-xx.201.4.x {
    if-index 224
    tag 702
}
net vlan Vlan422-WebSrvr-xx.xx.222.x {
    if-index 240
    tag 422
}
net vlan dev_int_vlan703 {
    if-index 256
    tag 703
}
security bot-defense asm-profile ASM_RHWeb_Base_ASM_Policy {
    app-service none
    flags 0
    send-javascript-challenge disabled
    send-javascript-efoxy disabled
    send-javascript-fingerprint disabled
}
security device device-context { }
security dos bot-signature "8484 Boston Project" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"8484 Boston Project\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "ADmantX Platform Semantic Analyzer" {
    category Crawler
    risk low
    rule "headercontent:\"ADmantX Platform Semantic Analyzer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Alexa Archiver" {
    category Crawler
    risk low
    rule "headercontent:\"ia_archive\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Apache Struts Dynamic Method Invocation" {
    category "/Common/Exploit Tool"
    rule "headercontent:\"method:\"; useragentonly; nocase; headercontent:\"#\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "AppScan URI" {
    category "/Common/Vulnerability Scanner"
    rule "uricontent:\"AppScan_fingerprint/MAC_ADDRESS\"; nocase;"
    user-defined false
}
security dos bot-signature "Arachni Scanner" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Arachni\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Are My Sites Up\?" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"AMSU\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature "Atomic Reader" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Atomic Reader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Automattic Feed Fetcher" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Automattic Feed Fetcher\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Avzhan DDoS Bot" {
    category "/Common/DOS Tool"
    rule "headercontent:\"Mozilla\"; useragentonly; nocase; headercontent:\"|3b| MyIE \"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Bash Shellshock" {
    category "/Common/Exploit Tool"
    rule "headercontent:\"() {\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Bichoo Spider" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Bichoo Spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Binget PHP Library" {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Binget/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Black Hole" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Black Hole\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Bloomberg Financial Market bot" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"BLP_bbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "CISPA Vulnerability Notification" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"CISPA Vulnerability Notification\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "CSS Certificate Spider" {
    category Crawler
    risk low
    rule "headercontent:\"CSS Certificate Spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Calculon Spider" {
    category Crawler
    risk low
    rule "headercontent:\"calculon spider/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Cenzic Hailstorm" {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"CenzicHailstorm\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Check for Update" {
    category Spyware
    risk high
    rule "headercontent:\"Check for Update\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "China Local Browse" {
    category "/Common/Spam Bot"
    rule "headercontent:\"China Local Browse\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Cisco Content Engine" {
    category Crawler
    risk low
    rule "headercontent:\"CE-Preload\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Cisco Torch" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Cisco-torch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Citrix ICA Client" {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"\\Citrix\\ICA Client\\\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Cityreview Robot" {
    category Crawler
    risk low
    rule "headercontent:\"Cityreview Robot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Clickagy Intelligence Bot" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Clickagy Intelligence Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Closure Compiler Service" {
    category Crawler
    domains { .googleusercontent.com }
    risk low
    rule "headercontent:\"closure-compiler-hrd\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Cloud mapping experiment" {
    category Crawler
    risk low
    rule "headercontent:\"Cloud mapping experiment\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "CloudFlare AlwaysOnline" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"CloudFlare-AlwaysOnline\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Comodo SSL Checker" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Comodo SSL Checker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Comodo Spider" {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Comodo Spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Conduit Toolbar COMMLAYER" {
    category Spyware
    rule "headercontent:\"COMMLAYER\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "ContextAd Bot" {
    category "/Common/Spam Bot"
    rule "headercontent:\"ContextAd Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "CopperEgg RevealUptime" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"CopperEgg/RevealUptime/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Crescent Internet ToolPak" {
    category "/Common/Spam Bot"
    rule "headercontent:\"Crescent Internet ToolPak\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "D3DL0 G00D N1C3" {
    category "/Common/DOS Tool"
    rule "headercontent:\"{[D3DL0 G00D N1C3]}\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "DNS-Tools Header-Analyzer" {
    category Crawler
    risk low
    rule "headercontent:\"DNS-Tools Header-Analyzer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "DTS Agent" {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"DTS Agent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Data Dog" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"DataDog\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Dataprovider Site Explorer" {
    category Crawler
    risk low
    rule "headercontent:\"Dataprovider Site Explorer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "DavTest WebDav Vulnerability Scanner" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"dave/v\"; useragentonly; nocase; depth:6;"
    user-defined false
}
security dos bot-signature "Delf Buzus Checkin" {
    category Spyware
    risk high
    rule "headercontent:\"dwn\"; useragentonly; nocase; depth:3;"
    user-defined false
}
security dos bot-signature "Demo Bot" {
    category "/Common/Spam Bot"
    rule "headercontent:\"Demo Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Digimarc WebReader" {
    category "/Common/Web Spider"
    rule "headercontent:\"Digimarc WebReader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Domain Re-Animator Bot" {
    category Crawler
    risk low
    rule "headercontent:\"Domain Re-Animator Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "DomainsDB.net MetaCrawler" {
    category Crawler
    risk low
    rule "headercontent:\"DomainsDB.net MetaCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Dot TK spider" {
    category Crawler
    risk low
    rule "headercontent:\"Dot TK - spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "DriveCleaner Updater" {
    category Spyware
    risk high
    rule "headercontent:\"DriveCleaner Updater\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "DuckDuckGo Bot" {
    category "/Common/Search Engine"
    domains { .duckduckgo.com .ivegotafang.com static-72-94-249-35.phlapa.fios.verizon.net }
    risk low
    rule "headercontent:\"DuckDuckBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "EasyBib AutoCite" {
    category Crawler
    risk low
    rule "headercontent:\"EasyBib AutoCite\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Educate Search VxB" {
    category "/Common/Spam Bot"
    rule "headercontent:\"Educate Search VxB\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Electron (Nightmare)" {
    category "/Common/Headless Browser"
    risk high
    rule "headercontent:\"Electron/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "ExactSeek Crawler" {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"ExactSeekCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "FAST Enterprise Crawler 6" {
    category Crawler
    risk low
    rule "headercontent:\"Sensis Web Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Facebook External Hit" {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"facebookexternalhit\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Fake Internet Explorer" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"internet explorer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Fake Microsoft Internet Explorer" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Microsoft Internet Explorer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Fake Opera 8.11" {
    category Spyware
    risk high
    rule "headercontent:\"opera/8.11\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Fast HTTP Auth Scanner" {
    category Crawler
    risk low
    rule "headercontent:\"Fast HTTP Auth Scanner\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "FeedWordPress Bot" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"FeedWordPress\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Fetch API Request" {
    category "/Common/Spam Bot"
    rule "headercontent:\"Fetch API Request\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Flamingo Search" {
    category Crawler
    risk low
    rule "headercontent:\"flamingosearch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Flipopia Related Malware User Agent" {
    category Spyware
    risk high
    rule "headercontent:\"Flipopia\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "FollowSite Bot" {
    category Crawler
    risk low
    rule "headercontent:\"FollowSite Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Fragment (WORKED)" {
    category Spyware
    risk high
    rule "headercontent:\"WORKED\"; useragentonly;"
    user-defined false
}
security dos bot-signature "Franklin Locator" {
    category "/Common/Spam Bot"
    rule "headercontent:\"Franklin Locator\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Free Download Manager 3.x" {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"fdm\"; useragentonly; nocase; depth:3;"
    user-defined false
}
security dos bot-signature "Free Video Downloader Lite" {
    category "/Common/Web Downloader"
    risk high
    rule "headercontent:\"Free Video Downloader Lite\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Fresh Feed Pro" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Fresh Feed Pro\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Fresh Proxies Harvester" {
    category Crawler
    risk low
    rule "headercontent:\"Fresh Proxies Harvester\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Full Web Bot" {
    category "/Common/Spam Bot"
    rule "headercontent:\"Full Web Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "GSA Crawler" {
    category Crawler
    risk low
    rule "headercontent:\"gsa-crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "GameBoy, Powered by Nintendo fake UA" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"GameBoy, Powered by Nintendo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Gator Agent Traffic" {
    category Spyware
    risk high
    rule "headercontent:\"Gator\"; useragentonly;"
    user-defined false
}
security dos bot-signature "Genieo Web filter" {
    category Crawler
    risk low
    rule "headercontent:\"genieo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Get HTML Source Code Program" {
    category Spyware
    risk high
    rule "headercontent:\"Get HTML Source Code Program\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Gluten Free Crawler" {
    category Crawler
    risk low
    rule "headercontent:\"Gluten Free Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Google AdsBot" {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"AdsBot-Google\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Google Desktop" {
    category Crawler
    risk low
    rule "headercontent:\"Google Desktop\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Google Feedfetcher" {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"FeedFetcher-Google\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Google Keyword Suggestion" {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"Google Keyword Suggestion\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Google Page Speed Insights" {
    category Crawler
    rule "headercontent:\"Google Page Speed Insights\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Google Translate" {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"translate.google.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Google favicon" {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"Google Favicon\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Gootkit Scanner" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Gootkit auto-rooter scanner\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Grum Tedroo Spambot" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"id=\"; useragentonly; nocase; headercontent:\"smtp=\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Gypikon Based Dropper Checkin" {
    category Spyware
    risk high
    rule "headercontent:\"SetUpAll\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "HTTP Client" {
    category Spyware
    risk high
    rule "headercontent:\"HTTP Client\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Havij SQL injection (Header)" {
    category "/Common/Exploit Tool"
    rule "headercontent:\"UNION\"; useragentonly; nocase; headercontent:\"SELECT\"; useragentonly; nocase; headercontent:\"0x31303235343830303536\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Havij SQL injection (URI)" {
    category "/Common/Exploit Tool"
    rule "uricontent:\"UNION\"; nocase; uricontent:\"SELECT\"; nocase; uricontent:\"0x31303235343830303536\"; nocase;"
    user-defined false
}
security dos bot-signature "Headless Chromium" {
    category "/Common/Headless Browser"
    rule "headercontent:\"HeadlessChrome/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "HeartRails Robot" {
    category Crawler
    risk low
    rule "headercontent:\"HeartRails Robot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Host Tracker" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"HostTracker.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "HyperZbozi.cz Feeder" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"HyperZbozi.cz\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "IBM EVV" {
    category "/Common/Spam Bot"
    rule "headercontent:\"IBM EVV\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "INTERNET EXPLOITER" {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"INTERNET EXPLOITER\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "ISC Systems iRc Search 2.1" {
    category "/Common/Spam Bot"
    rule "headercontent:\"ISC Systems iRc Search 2.1\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Indy Library" {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Indy Library\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Inspathx Path Disclosure Scanner" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"path disclosure finder\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Internet Ninja x.0" {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"Internet Ninja x.0\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "JCE Bot" {
    category "/Common/Exploit Tool"
    rule "headercontent:\"BOT for JCE\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "JetBrains Omea Reader" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"JetBrains Omea Reader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "JobboerseBot (www.xing.com)" {
    category Crawler
    risk low
    rule "headercontent:\"JobboerseBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Jodd HTTP" {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Jodd HTTP\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "KD Bot" {
    category Crawler
    risk low
    rule "headercontent:\"KD Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Kaspersky AntiRootkit TDSSKiller" {
    category "/Common/Exploit Tool"
    rule "headercontent:\"KL Cure Utility/1.0\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Kaspersky Lab Content Filtering Research" {
    category Crawler
    risk low
    rule "headercontent:\"Kaspersky Lab Content Filtering Research\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Kenjin Spider" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Kenjin Spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Kosmix Voyager" {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Voyager\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "LYT.SR v1.5" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"LYT.SR v1.5\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Language Identify Crawler" {
    category Crawler
    risk low
    rule "headercontent:\"Language Identify Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Lijit Crawler" {
    category Crawler
    risk low
    rule "headercontent:\"Lijit Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Linguee Bot" {
    category Crawler
    risk low
    rule "headercontent:\"Linguee Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Link Valet Online" {
    category Crawler
    risk low
    rule "headercontent:\"Link Valet Online\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "LinkStats Bot" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"LinkStats Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Lump Image Search" {
    category Crawler
    risk low
    rule "headercontent:\"LumpImageSearch/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "MSIE 7.0" {
    category Spyware
    risk high
    rule "headercontent:\"MSIE 7.0\"; useragentonly; nocase; depth:8;"
    user-defined false
}
security dos bot-signature "Magus Bot" {
    category Crawler
    risk low
    rule "headercontent:\"magus bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Malformed compatible" {
    category "/Common/Spam Bot"
    rule "headercontent:\"compatible ;\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Malicious program ( scan1.0.scan )" {
    category "/Common/Network Scanner"
    rule "uricontent:\"/scan1.0.scan/\"; nocase;"
    user-defined false
}
security dos bot-signature "Max Patrol" {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"Windows NT 7.0) PT\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Medusa Scanner" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Teh Forest Lobster\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Microsoft Office Existence Discovery" {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Microsoft Office Existence Discovery\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Microsoft Office Protocol Discovery" {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Microsoft Office Protocol Discovery\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Morfeus Scanner" {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"Morfeus\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Mosiac 1." {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"Mosiac 1.\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Mozilla 3.0 (compatib1e; Indy Library)" {
    category Spyware
    rule "headercontent:\"Mozilla/3.0 (compatib1e|3b| Indy Library)\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "NEWT ActiveX" {
    category "/Common/Web Spider"
    rule "headercontent:\"NEWT ActiveX\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Nessus (Header)" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Nessus\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Nessus (URI)" {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "uricontent:\"nessus\"; nocase;"
    user-defined false
}
security dos bot-signature "Nessus probe" {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "uricontent:\"nonexistant\"; nocase;"
    user-defined false
}
security dos bot-signature "NetLyzer FastProbe" {
    category Crawler
    risk low
    rule "headercontent:\"NetLyzer FastProbe\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Netcraft Survey" {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Netcraft Web Server Survey\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Neutrino Bot" {
    category "/Common/DOS Tool"
    rule "headercontent:\"Mozilla/5.0 (Windows NT 6.1|3b| WOW64|3b| rv:39.0) Gecko/20100101 Firefox/38.0\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Nmap Scripting Engine" {
    category "/Common/Network Scanner"
    risk high
    rule "headercontent:\"nmap\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Nmap web server probe (nice ports Trinity)" {
    category "/Common/Network Scanner"
    rule "uricontent:\"nice ports,/Trinity.txt.bak\"; nocase;"
    user-defined false
}
security dos bot-signature "Nokia-WAPToolkit.\* googlebot" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Nokia-WAPToolkit\"; useragentonly; nocase; headercontent:\"googlebot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Optimum Installer" {
    category Spyware
    risk high
    rule "headercontent:\"IE6 on Windows XP\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "PDF Drive Crawler" {
    category Crawler
    risk low
    rule "headercontent:\"PDF Drive Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "PRTG Network Monitor" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"PRTG Network Monitor\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Parse Robot" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Parse Robot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Pixray Seeker" {
    category Crawler
    risk low
    rule "headercontent:\"Pixray-Seeker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Porkbun Mustache" {
    category Crawler
    risk low
    rule "headercontent:\"Porkbun/Mustache\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Project 25499" {
    category Crawler
    risk low
    rule "headercontent:\"Project 25499\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "RSS Bot" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"RSS Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "RSS Notifier" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"RSS%20Notifier\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Recorded Future" {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Recorded Future\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Rescudos ROSE Essentials" {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Rescudo|27|s ROSE Essentials\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "SAFEXPLORER TL" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"SAFEXPLORER TL\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "SMF RSSFeeder" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"SMF RSSFeeder\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "SNK Screenshot Bot" {
    category Crawler
    risk low
    rule "headercontent:\"SNK Screenshot Bot/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "SQ Webscanner" {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"SQ Webscanner\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "SQL Power Injector" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"SQL Power Injector\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "SSL Labs" {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"SSL Labs\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Salesforce.com RSS Aggregator" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Salesforce.com RSS Aggregator\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Science Traveller International" {
    category "/Common/Spam Bot"
    rule "headercontent:\"Science Traveller International\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Screaming Frog" {
    category Crawler
    risk low
    rule "headercontent:\"Screaming Frog\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Select Rebates" {
    category Spyware
    risk high
    rule "headercontent:\"SelectRebates\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Setup Factory" {
    category Spyware
    risk high
    rule "headercontent:\"Setup Factory\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Shockwave Flash spam bot" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Shockwave Flash\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "SipCLI VOIP Scan" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"sipcli\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Spyware MSIE xx.0" {
    category Spyware
    risk high
    rule "headercontent:\"MSIE xx.0\"; useragentonly; nocase; headercontent:\"Windows 3.1\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Synaptive Syndicator" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Synaptive Syndicator\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "T H A T ' S  G O T T A  H U R T" {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"T H A T ' S  G O T T A  H U R T\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Teleport Pro" {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"teleport\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "The Http-string-downloader" {
    category Spyware
    rule "headercontent:\"The Http-string-downloader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Twisted Pagegetter" {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"twisted pagegetter\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "VB Project" {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"VB Project\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Vega Web Application Scan" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Vega\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Viper 4.0" {
    category Spyware
    rule "headercontent:\"Viper 4.0\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "W3C Markup Validation Service" {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"w3c_validator\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "W32.Goolbot.E (iamx)" {
    category "/Common/DOS Tool"
    rule "headercontent:\"iamx\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature "WEP Search" {
    category "/Common/Spam Bot"
    rule "headercontent:\"WEP Search\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Web Copier" {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"webcopier\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Web Dup" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"webdup\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "WebShag Web Application Scan" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"webshag\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Webserver Stress Tool" {
    category "/Common/Webserver Stress Tool"
    rule "headercontent:\"simulated_by_webserver_stress_tool\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Website Pulse" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"websitepulse\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Webtrends Security Analyzer" {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"Webtrends\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Wells Search II" {
    category "/Common/Spam Bot"
    rule "headercontent:\"Wells Search II\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "WhatWeb Web Application Fingerprint Scanner" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"WhatWeb\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "WhiteFox WebLinkChecker" {
    category Crawler
    risk low
    rule "headercontent:\"WhiteFox WebLinkChecker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Whitehat Security Scanner" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Whitehat Security Scanner\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Windows wget" {
    category Spyware
    rule "headercontent:\"Mozilla/6.0 (Windows|3b| wget 3.0)\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Windows-Update-Agent fake UA" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Windows-Update-Agent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Woodstone Servers Alive" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"servers alive url check\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Wordpress Hash Grabber" {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"Wordpress Hash Grabber\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Xenu Link Sleuth" {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Xenu Link Sleuth\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "YaCy proxy access" {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"yacy -\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Yahoo Pipes" {
    category Crawler
    risk low
    rule "headercontent:\"Yahoo Pipes\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Yahoo! Japan SearchMonkey" {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Y!J SearchMonkey\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Yahoo! Japan" {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Y!J-\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Yahoo! Slurp" {
    category "/Common/Search Engine"
    domains { .yahoo.net .yahoo.com }
    risk low
    rule "headercontent:\"Yahoo|21|\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Zango Installer" {
    category Spyware
    risk high
    rule "headercontent:\"SAIv\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "Zemanta Aggregator" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Zemanta Aggregator\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "an exploit" {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"THIS IS AN EXPLOIT\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "big brother" {
    category "/Common/Network Scanner"
    rule "headercontent:\"big brother\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "bin execution attempt" {
    category "/Common/Exploit Tool"
    rule "headercontent:\"/bin/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "black widow" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"black\"; useragentonly; nocase; headercontent:\"widow\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "bsqlbf - Blind SQL Injection Brute Forcing Tool" {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"bsqlbf\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "download demon" {
    category "/Common/Spam Bot"
    rule "headercontent:\"download demon\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "downnotifier.com monitoring" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"downnotifier.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "email extractor" {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"email extractor\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "eo browse" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"eo browse\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "fantomCrew Browser" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"fantomCrew Browser\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "gensun.org imageCrawler" {
    category Crawler
    risk low
    rule "headercontent:\"gensun.org imageCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "grub crawler" {
    category "/Common/Web Spider"
    rule "headercontent:\"grub crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "immediatenet thumbnails" {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"immediatenet\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "internetVista monitor" {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"internetVista\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "likely Banload Trojan Related" {
    category Spyware
    risk high
    rule "headercontent:\"FOTO-\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "livedoor FeedFetcher" {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"livedoor FeedFetcher\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "microsoft url control" {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"microsoft url control\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "mozilla4.0 (compatible" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"mozilla/4.0 (compatible)\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "site snitch" {
    category "/Common/Spam Bot"
    rule "headercontent:\"site snitch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "vb wininet" {
    category Spyware
    risk high
    rule "headercontent:\"vb wininet\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "web by mail" {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"web by mail\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature "xmlrpc exploit" {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"xmlrpc exploit\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature .nasl {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\".nasl\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature 2search {
    category Crawler
    risk low
    rule "headercontent:\"2search\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature 80legs {
    category "/Common/Web Spider"
    risk low
    rule "headercontent:\"80legs\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature 200Please {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"200PleaseBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature 314 {
    category Spyware
    risk high
    rule "headercontent:\"314\"; useragentonly; nocase; depth:3;"
    user-defined false
}
security dos bot-signature 360Spider {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"360Spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ABACHOBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"ABACHOBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature APIs-Google {
    category "/Common/Service Agent"
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"APIs-Google\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Aboundex {
    category Crawler
    risk low
    rule "headercontent:\"Aboundex\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature AboutUsBot {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"AboutUsBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Acoon {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"AcoonBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Acunetix {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"Acunetix\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature AddThis.com {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"AddThis.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Adidx {
    category Crawler
    domains { .msn.com }
    risk low
    rule "headercontent:\"adidxbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Akregator {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Akregator\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature AlertSite {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"alertsite\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Alexa {
    category Crawler
    risk low
    rule "headercontent:\"a_archiver\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Aloofly {
    category Crawler
    risk low
    rule "headercontent:\"Aloofly/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Amiga-AWeb {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Amiga-AWeb\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Anemone {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Anemone\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Apache-HttpClient {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Apache-HttpClient\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature AppEngine-Google {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"AppEngine-Google\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature AppScan {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"AppScan\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Applebot {
    category Crawler
    risk low
    rule "headercontent:\"Applebot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ArchiveTeam {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"ArchiveTeam\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Artirix-Image {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Artirix-Image\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Artmixx {
    category Crawler
    risk low
    rule "headercontent:\"artmixx\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Ask {
    category "/Common/Search Engine"
    domains { .ask.com }
    risk low
    rule "headercontent:\"teoma\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature AskPartnerCobranding {
    category Spyware
    risk high
    rule "headercontent:\"AskPartner\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Atomic_Email_Hunter {
    category "/Common/E-Mail Collector"
    rule "headercontent:\"Atomic_Email_Hunter\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Awesomium {
    category "/Common/Web Spider"
    rule "headercontent:\"Awesomium\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BGroom {
    category Spyware
    rule "headercontent:\"BGroom\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BLEXBot {
    category Crawler
    risk low
    rule "headercontent:\"BLEXBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Backdoor.Win32.Vertexbot.A {
    category "/Common/DOS Tool"
    rule "headercontent:\"VERTEXNET\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Baidu {
    category "/Common/Search Engine"
    domains { .baidu.com .baidu.jp }
    risk low
    rule "headercontent:\"Baiduspider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BecomeBot {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"BecomeBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BigCliqueBOT {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"BigCliqueBOT\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Bing {
    category "/Common/Search Engine"
    domains { .msn.com }
    risk low
    rule "headercontent:\"BingBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BingPreview {
    category "/Common/Search Engine"
    domains { .msn.com }
    risk low
    rule "headercontent:\"BingPreview/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BitActive {
    category Crawler
    risk low
    rule "headercontent:\"BitActive.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BlackSun {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"BlackSun\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Blekkobot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Blekkobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Bloglovin {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Bloglovin/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Blogtrottr {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Blogtrottr\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BlueCoat {
    category Crawler
    risk low
    rule "headercontent:\"Mozilla/4.0 (compatible|3b|)\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BoardReader {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"BoardReader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Bork-edition {
    category "/Common/Spam Bot"
    rule "headercontent:\"Bork-edition\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Bountii {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"BountiiBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BrainbruBot {
    category Crawler
    domains { 192-69-217-122 }
    risk low
    rule "headercontent:\"BrainbruBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BrowserSpyBot {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"BrowserSpyBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Bruteforce {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Bruteforce\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BubiNG {
    category Crawler
    risk low
    rule "headercontent:\"BubiNG\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BusinessSeek.biz_Spider {
    category "/Common/Web Spider"
    risk low
    rule "headercontent:\"BusinessSeek.biz_Spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Butch__ {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Butch__\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Butterfly {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Butterfly\\/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature BuzzSumo {
    category Crawler
    risk low
    rule "headercontent:\"BuzzSumo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Buzzbot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Buzzbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CATExplorador {
    category "/Common/Site Monitor"
    rule "headercontent:\"CATExplorador\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CCBot {
    category Crawler
    risk low
    rule "headercontent:\"CCBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CCResearchBot {
    category Crawler
    risk low
    rule "headercontent:\"CCResearchBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature COMODOSpider {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"COMODOSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CRAZYWEBCRAWLER {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"CRAZYWEBCRAWLER\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Caliperbot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Caliperbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CamontSpider {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"CamontSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Careerbot {
    category Crawler
    risk low
    rule "headercontent:\"CareerBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CasperJS {
    category "/Common/Headless Browser"
    rule "headercontent:\"CasperJS\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CatchBot {
    category Crawler
    risk low
    rule "headercontent:\"CatchBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Catchpoint {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"catchpoint\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ChangeDetection.com {
    category Crawler
    risk low
    rule "headercontent:\"changedetection\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CheeseBot {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"CheeseBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CherryPicker {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"CherryPicker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ChilkatUpload {
    category Spyware
    risk high
    rule "headercontent:\"ChilkatUpload\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ChimpFeedr.com {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"ChimpFeedr.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CholTBAgent {
    category Spyware
    risk high
    rule "headercontent:\"CholTBAgent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Chroot-apache0day {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"chroot-apache0day\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CirrusExplorer {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"CirrusExplorer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CiteSeerX {
    category Crawler
    risk low
    rule "headercontent:\"citeseerxbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CligooRobot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"CligooRobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Cliqzbot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Cliqzbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CodeGuard {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"CodeGuard\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Codeout.kr {
    category Spyware
    risk high
    rule "headercontent:\"codeout\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CoinCornerBot {
    category Crawler
    risk low
    rule "headercontent:\"CoinCornerBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CommaFeed {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"CommaFeed\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Comodo-Certificates-Spider {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Comodo-Certificates-Spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ContactBot {
    category "/Common/E-Mail Collector"
    rule "headercontent:\"ContactBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ContentSmartz {
    category "/Common/E-Mail Collector"
    rule "headercontent:\"ContentSmartz\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Contiki {
    category "/Common/HTTP Library"
    risk high
    rule "headercontent:\"Contiki\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CookieReports {
    category Crawler
    risk low
    rule "headercontent:\"CookieReports\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CopyGuard {
    category "/Common/Web Spider"
    rule "headercontent:\"CopyGuard\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CopyRightCheck {
    category "/Common/Web Spider"
    rule "headercontent:\"CopyRightCheck\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Crawlera {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Crawlera\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Crawlytics {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Crawlytics\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Crowsnest {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Crowsnest\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature CukBot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"CukBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Cutbot {
    category Crawler
    risk low
    rule "headercontent:\"cutbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Cyberdog {
    category "/Common/DOS Tool"
    rule "headercontent:\"Cyberdog\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DBLBot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"DBLBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DBrowse {
    category "/Common/Spam Bot"
    rule "headercontent:\"DBrowse\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DCPbot {
    category Crawler
    risk low
    rule "headercontent:\"DCPbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DIY-SEOBot {
    category Crawler
    risk low
    rule "headercontent:\"DIY-SEOBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DSurf15a {
    category "/Common/Spam Bot"
    rule "headercontent:\"DSurf15a\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DataCha0s {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"DataCha0s\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DataparkSearch {
    category Crawler
    risk low
    rule "headercontent:\"DataparkSearch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Dazoobot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Dazoobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DealGates {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"DealGates\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DeuSu {
    category Crawler
    risk low
    rule "headercontent:\"DeuSu\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DialogSearch {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"DialogSearch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DiffBot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"diffbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Digg {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"Digg\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Digincore {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Digincore\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DirBuster {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"DirBuster\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Discobot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"discobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Dispatch {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Dispatch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Dlvr.it {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"dlvr.it\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Docoloc {
    category Crawler
    risk low
    rule "headercontent:\"Docoloc\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DomainAppender {
    category Crawler
    risk low
    rule "headercontent:\"DomainAppender\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DomainMacroCrawler {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"DomainMacroCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DomainSONOCrawler {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"DomainSONOCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DomainSigmaCrawler {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"DomainSigmaCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DomainStatsBot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"DomainStatsBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DomainTunoCrawler {
    category Crawler
    risk low
    rule "headercontent:\"DomainTunoCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DotDotPwn {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"DotDotPwn\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DownloadMR {
    category Spyware
    risk high
    rule "headercontent:\"DownloadMR\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DowntimeDetector {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"DowntimeDetector\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature DuckDuckGo-Favicons-Bot {
    category Crawler
    risk low
    rule "headercontent:\"DuckDuckGo-Favicons-Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Duckling {
    category Spyware
    risk high
    rule "headercontent:\"Duckling/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Dyre {
    category "/Common/Exploit Tool"
    rule "headercontent:\"text/html,application/xhtml\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature EBrowse {
    category "/Common/Spam Bot"
    rule "headercontent:\"EBrowse\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ESurf15a {
    category "/Common/Spam Bot"
    rule "headercontent:\"ESurf15a\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature EasouSpider {
    category Crawler
    risk low
    rule "headercontent:\"EasouSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Easy-Thumb {
    category Crawler
    risk low
    rule "headercontent:\"Easy-Thumb\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature EdisterBot {
    category Crawler
    risk low
    rule "headercontent:\"EdisterBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Elasticsearch {
    category Crawler
    risk low
    rule "headercontent:\"Elasticsearch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Elefent {
    category Crawler
    risk low
    rule "headercontent:\"Elefent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature EmailSpider {
    category "/Common/E-Mail Collector"
    rule "headercontent:\"EmailSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Embedly {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Embedly\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Emogen.H {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"FCInstall\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Esribot {
    category Crawler
    risk low
    rule "headercontent:\"Esribot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature EuripBot {
    category Crawler
    risk low
    rule "headercontent:\"EuripBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Eurobot {
    category Crawler
    risk low
    rule "headercontent:\"Eurobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature EventGuruBot {
    category Crawler
    risk low
    rule "headercontent:\"EventGuruBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Evri {
    category Crawler
    risk low
    rule "headercontent:\"Evrinid\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ExB {
    category Crawler
    risk low
    rule "headercontent:\"ExB Language Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ExaBot {
    category Crawler
    risk low
    rule "headercontent:\"Exabot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ExaleadCloudview {
    category Crawler
    risk low
    rule "headercontent:\"ExaleadCloudview\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ExchangleBot {
    category Crawler
    risk low
    rule "headercontent:\"ExchangleBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Experibot {
    category Crawler
    risk low
    rule "headercontent:\"Experibot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ExpertSearchSpider {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"ExpertSearchSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Exploratodo {
    category Crawler
    risk low
    rule "headercontent:\"Exploratodo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Ezooms {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Ezooms\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FAST-WebCrawler {
    category Crawler
    risk low
    rule "headercontent:\"FAST-WebCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FHScan {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"FHScan Core\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FOCA {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"FOCA\"; useragentonly;"
    user-defined false
}
security dos bot-signature FSurf15a {
    category "/Common/Spam Bot"
    rule "headercontent:\"FSurf15a\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Falconsbot {
    category Crawler
    risk low
    rule "headercontent:\"Falconsbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Falcove {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"Falcove\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Faraday {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Faraday\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Favoclick {
    category Spyware
    risk high
    rule "headercontent:\"Favoclicks\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Feed43 {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"feed43\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FeedBucket {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"FeedBucket\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FeedBurner {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"FeedBurner\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FeedDemon {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"FeedDemon\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FeedFetcher-ResultFlow {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"FeedFetcher-ResultFlow\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FeedFinder {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"FeedFinder-2.0\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Feedbin {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Feedbin\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Feedly {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Feedly\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Feedreader {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Feedreader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Feedspot {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Feedspot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Feedspotbot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Feedspotbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Feedwind {
    category Crawler
    risk low
    rule "headercontent:\"Feedwind/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Fetch {
    category Crawler
    risk low
    rule "headercontent:\"Fetch/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Fetchbot {
    category "/Common/Web Spider"
    rule "headercontent:\"Fetchbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Fever {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Fever\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature Ffbot {
    category Crawler
    risk low
    rule "headercontent:\"Ffbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Fiery {
    category "/Common/Spam Bot"
    rule "headercontent:\"Fiery\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature FindLinks {
    category Crawler
    risk low
    rule "headercontent:\"findlinks\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Findxbot {
    category Crawler
    risk low
    rule "headercontent:\"Findxbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FlightDeckReportsBot {
    category Crawler
    risk low
    rule "headercontent:\"FlightDeckReportsBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FlipboardProxy {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"FlipboardProxy\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FooBar42 {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"FooBar/42\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Fooooo_Web_Video_Crawl {
    category Crawler
    risk low
    rule "headercontent:\"Fooooo_Web_Video_Crawl\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Fortunelounge {
    category Spyware
    risk high
    rule "headercontent:\"VIP_TRACKING\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FoundSeoTool {
    category "/Common/Service Agent"
    domains { found.co.uk }
    risk low
    rule "headercontent:\"FoundSeoTool\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FreeRSSReader {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"FreeRSSReader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature FyberSpider {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"FyberSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GC3pro {
    category Crawler
    risk low
    rule "headercontent:\"GC3pro\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GIDBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"GIDBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GOFORITBOT {
    category Crawler
    risk low
    rule "headercontent:\"GOFORITBOT\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GT::WWW {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"GT::WWW\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GTmetrix {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"GTMetrix\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GarlikCrawler {
    category Crawler
    risk low
    rule "headercontent:\"GarlikCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GeliyooBot {
    category Crawler
    risk low
    rule "headercontent:\"GeliyooBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Genderanalyzer {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Genderanalyzer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GeneralDownloadApplication {
    category Spyware
    risk high
    rule "headercontent:\"GeneralDownloadApplication\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GentleSource {
    category Crawler
    risk low
    rule "headercontent:\"GentleSource\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GermCrawler {
    category "/Common/Web Spider"
    rule "headercontent:\"GermCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GetFoundBot {
    category Crawler
    risk low
    rule "headercontent:\"GetFoundBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GetLinkInfo {
    category Crawler
    risk low
    rule "headercontent:\"GetLinkInfo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GetProxi.es-bot {
    category Crawler
    risk low
    rule "headercontent:\"GetProxi.es-bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GetRight {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"GetRight\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GetURLInfo {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"GetURLInfo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Ghostery {
    category Crawler
    risk low
    rule "headercontent:\"Evidon\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GigablastOpenSource {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"GigablastOpenSource\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Gigabot {
    category Crawler
    risk low
    rule "headercontent:\"Gigabot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Gimme60bot {
    category Crawler
    risk low
    rule "headercontent:\"Gimme60bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GimmeUSAbot {
    category Crawler
    risk low
    rule "headercontent:\"GimmeUSAbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Girafabot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Girafabot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Gnip {
    category Crawler
    risk low
    rule "headercontent:\"UnwindFetchor\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GoFind.Ai {
    category Crawler
    risk low
    rule "headercontent:\"GoFind.Ai\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GoSquared {
    category Crawler
    risk low
    rule "headercontent:\"GoSquared-Status-Checker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Godzilla {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Godzilla\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Golem {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"golem\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature Gomez {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"gomezagent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Goo {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"search.goo.ne.jp\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Google {
    category "/Common/Search Engine"
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"Googlebot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Google-Adwords-Instant {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"Google-Adwords-Instant\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Google-Calendar-Importer {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"Google-Calendar-Importer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Google-Site-Verification {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"Google-Site-Verification\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Google-Sitemaps {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Google-Sitemaps\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GoogleWebLight {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"GoogleWebLight\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Google_Analytics_Snippet_Validator {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"Google_Analytics_Snippet_Validator\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GotSiteMonitor {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"GotSiteMonitor\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GozaikBot {
    category Crawler
    risk low
    rule "headercontent:\"GozaikBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Grahambot {
    category "/Common/Web Spider"
    rule "headercontent:\"Grahambot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Grammarly {
    category Crawler
    risk low
    rule "headercontent:\"Grammarly\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Grapeshot {
    category Crawler
    risk low
    rule "headercontent:\"GrapeshotCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Gregarius {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Gregarius\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Grendel-Scan {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Grendel-Scan\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature GrepNetstatBot {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"GrepNetstatBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Guzzle {
    category Crawler
    risk low
    rule "headercontent:\"Guzzle/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HTTP-Engine {
    category Spyware
    risk high
    rule "headercontent:\"HTTP-Engine\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HTTP::Lite {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"HTTP::Lite\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HTTrack {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"httrack\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Haiula {
    category Crawler
    risk low
    rule "headercontent:\"Haiula\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Harvest {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"harvest/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Hatena {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"Hatena\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Havij {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"Havij\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HeartRails_Capture {
    category Crawler
    risk low
    rule "headercontent:\"HeartRails_Capture\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Heirtrix {
    category Crawler
    risk low
    rule "headercontent:\"heritrix\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HetrixTools.COM {
    category Crawler
    risk low
    rule "headercontent:\"HetrixTools.COM\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Heurekabot-Feed {
    category Crawler
    risk low
    rule "headercontent:\"Heurekabot-Feed\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Heurekabot-ImageFullText {
    category Crawler
    risk low
    rule "headercontent:\"Heurekabot-ImageFullText\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HttpComponents {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"httpcomponents\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HttpUnit {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"httpunit\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HuaweiSymantecSpider {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"HuaweiSymantecSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HubPages {
    category Crawler
    risk low
    rule "headercontent:\"HubPages\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature HubSpot {
    category Crawler
    risk low
    rule "headercontent:\"HubSpot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Hydra {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"Hydra\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ICC-Crawler {
    category Crawler
    risk low
    rule "headercontent:\"ICC-Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature IDG.IT {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"IDG/IT\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature IDWhois {
    category Crawler
    risk low
    rule "headercontent:\"IDWhois\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature IPv4Scan {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"IPv4Scan\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature IXEbot {
    category Crawler
    risk low
    rule "headercontent:\"IXEbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature IdeelaborPlagiaat {
    category Crawler
    risk low
    rule "headercontent:\"IdeelaborPlagiaat\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Iframely {
    category Crawler
    risk low
    rule "headercontent:\"Iframely\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature IlTrovatore-Setaccio {
    category Crawler
    risk low
    rule "headercontent:\"IlTrovatore-Setaccio\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ImplisenseBot {
    category Crawler
    risk low
    rule "headercontent:\"ImplisenseBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Incapsula {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Incapsula\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature InetURL {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"InetURL\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Infegy {
    category Crawler
    risk low
    rule "headercontent:\"Infegy\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Inspingbot {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Inspingbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Irokez {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Irokez.cz\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature IstellaBot {
    category Crawler
    risk low
    rule "headercontent:\"IstellaBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature JUST-CRAWLER {
    category Crawler
    risk low
    rule "headercontent:\"JUST-CRAWLER\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Jabse {
    category Crawler
    risk low
    rule "headercontent:\"Jabse\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Jakarta {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Jakarta\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Java {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Java/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Jigsaw {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Jigsaw\"; useragentonly; nocase; headercontent:\"W3C_CSS_Validator_JFouffa\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature JikeSpider {
    category Crawler
    risk low
    rule "headercontent:\"JikeSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature JiveSearchBot {
    category Crawler
    risk low
    rule "headercontent:\"JiveSearchBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Jorgee {
    category "/Common/Exploit Tool"
    rule "headercontent:\"Jorgee\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Jyxobot {
    category Crawler
    risk low
    rule "headercontent:\"Jyxobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature KOCMOHABT {
    category Crawler
    risk low
    rule "headercontent:\"KOCMOHABT\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature KTXN {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"ktxn\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Karneval-Bot {
    category Crawler
    risk low
    rule "headercontent:\"Karneval-Bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Kemvibot {
    category Crawler
    risk low
    rule "headercontent:\"Kemvibot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature KeywordDensityRobot {
    category Crawler
    risk low
    rule "headercontent:\"KeywordDensityRobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Kscan {
    category "/Common/Network Scanner"
    risk high
    rule "headercontent:\"kscan\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature Kyoto-Crawler {
    category Crawler
    risk low
    rule "headercontent:\"Kyoto-Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Kyoto-Tohoku-Crawler {
    category Crawler
    risk low
    rule "headercontent:\"Kyoto-Tohoku-Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature L.webis {
    category Crawler
    risk low
    rule "headercontent:\"L.webis\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LSSRocketCrawler {
    category Crawler
    risk low
    rule "headercontent:\"LSSRocketCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LapozzBot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"LapozzBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Lavf {
    category "/Common/Web Downloader"
    rule "headercontent:\"Lavf\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Leikibot {
    category Crawler
    risk low
    rule "headercontent:\"Leikibot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LexxeBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"LexxeBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Liferea {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Liferea\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinguaBot {
    category Crawler
    risk low
    rule "headercontent:\"LinguaBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinkAider {
    category Crawler
    risk low
    rule "headercontent:\"LinkAider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinkMarket {
    category Crawler
    risk low
    rule "headercontent:\"LinkMarket\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinkScan {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"linkscan\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinkTiger {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"LinkTiger\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinkedIn {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"LinkedInBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinkpadBot {
    category Crawler
    risk low
    rule "headercontent:\"LinkpadBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinqiaMetadataDownloaderBot {
    category Crawler
    risk low
    rule "headercontent:\"LinqiaMetadataDownloaderBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinqiaRSSBot {
    category Crawler
    risk low
    rule "headercontent:\"LinqiaRSSBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LinqiaScrapeBot {
    category Crawler
    risk low
    rule "headercontent:\"LinqiaScrapeBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LivelapBot {
    category Crawler
    risk low
    rule "headercontent:\"LivelapBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LoadImpactPageAnalyzer {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"LoadImpactPageAnalyzer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LoadImpactRload {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"LoadImpactRload\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LogicMonitor {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"LogicMonitor\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Lotto {
    category Spyware
    risk high
    rule "headercontent:\"Lotto\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature LuminateBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"LuminateBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature MFC_Tear_Sample {
    category "/Common/Spam Bot"
    rule "headercontent:\"MFC_Tear_Sample\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature MLBot {
    category Crawler
    risk low
    rule "headercontent:\"mlbot\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature MagiBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"MagiBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Mail.Ru {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Mail.RU\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Majestic-12 {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"MJ12bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature MarketBrewBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"MarketBrewBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Mediapartners-Google {
    category Crawler
    domains { .google.com .googlebot.com }
    risk low
    rule "headercontent:\"Mediapartners-Google\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature MetaInspector {
    category Crawler
    risk low
    rule "headercontent:\"MetaInspector\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature MetaTagRobot {
    category Crawler
    risk low
    rule "headercontent:\"MetaTagRobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Metadataparser {
    category Crawler
    risk low
    rule "headercontent:\"metadataparser/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Micromax {
    category Crawler
    risk low
    rule "headercontent:\"Micromax\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Microsearch {
    category Crawler
    risk low
    rule "headercontent:\"Microsearch.ru\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Microsoft-WebDAV-MiniRedir {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Microsoft-WebDAV-MiniRedir\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Missigua {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Missigua\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Miva {
    category Crawler
    risk low
    rule "headercontent:\"miva\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Moatbot {
    category Crawler
    risk low
    rule "headercontent:\"Moatbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature MojeekBot {
    category "/Common/Search Engine"
    domains { .mojeek.com }
    risk low
    rule "headercontent:\"MojeekBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Moreover {
    category Crawler
    risk low
    rule "headercontent:\"Moreover\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Morzilla {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"Morzilla\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Moxilla {
    category Spyware
    risk high
    rule "headercontent:\"Moxilla\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Museon {
    category Spyware
    risk high
    rule "headercontent:\"Museon\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature MyLove {
    category Spyware
    risk high
    rule "headercontent:\"MyLove\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature MyWaySearch {
    category Spyware
    rule "headercontent:\"MyWay\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Mysqloit {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Mysqloit\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature N-Stalker {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"N-Stalker Agent/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NICErsPRO {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"NICErsPRO\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NL-Crawler {
    category "/Common/Spam Bot"
    rule "headercontent:\"NL-Crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NOSEC.Jsky {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"NOSEC.Jsky\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NV32ts {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"NV32ts\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NateOn {
    category Spyware
    rule "headercontent:\"NateOn/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NeXpose {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"NeXpose\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NerdyBot {
    category Crawler
    risk low
    rule "headercontent:\"NerdyBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NetSeer {
    category Crawler
    risk low
    rule "headercontent:\"NetSeer crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Netsparker {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"Netsparker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NeuralBot {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"NeuralBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NewsBlur {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"NewsBlur\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Newsify {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Newsify\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature NimbuBot {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"NimbuBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Nutch {
    category Crawler
    risk low
    rule "headercontent:\"crawler/Nutch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Omgili {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"omgilibot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature OodleBot {
    category Crawler
    risk low
    rule "headercontent:\"oodlebot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature OpenLinkProfiler {
    category Crawler
    risk low
    rule "headercontent:\"spbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Our_Agent {
    category Spyware
    risk high
    rule "headercontent:\"Our_Agent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Outbrain {
    category Crawler
    risk low
    rule "headercontent:\"outbrain\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PECL::HTTP {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"PECL::HTTP\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PHP {
    category "/Common/Spam Bot"
    rule "headercontent:\"PHP/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PHPCrawl {
    category "/Common/Spam Bot"
    rule "headercontent:\"PHPCrawl\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature POE-Component-Client {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"POE-Component-Client\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PageDown {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"PageDown/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Panopta {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Panopta\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PasteTitle {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"PasteTitle\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Pcore-HTTP {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Pcore-HTTP\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PercolateCrawler {
    category Crawler
    risk low
    rule "headercontent:\"PercolateCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PhantomJS {
    category "/Common/Headless Browser"
    rule "headercontent:\"PhantomJS\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Photon {
    category Crawler
    risk low
    rule "headercontent:\"Photon\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Picsearch {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"psbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Pingdom {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Pingdom.com_bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Pingometer {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Pingometer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Pinterest {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"www.pinterest.com\\/bot.html\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Poller {
    category Spyware
    risk high
    rule "headercontent:\"Poller\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PrivacyInfoUpdate {
    category Spyware
    risk high
    rule "headercontent:\"PrivacyInfoUpdate\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ProWebWalker {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"ProWebWalker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ProxyStrike {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"XSSIPWNR\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature PyCurl {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"PyCurl\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Pylot {
    category "/Common/DOS Tool"
    risk high
    rule "headercontent:\"Pylot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Qualys {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Qualys\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Qwantify {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Qwantify\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature R6_FeedFetcher {
    category Crawler
    risk low
    rule "headercontent:\"R6_FeedFetcher\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature REKOM {
    category Spyware
    risk high
    rule "headercontent:\"REKOM\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RSDN {
    category Spyware
    risk high
    rule "headercontent:\"RSDN\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RSSGraffiti {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"RSSGraffiti\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RSSInclude {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"RSSInclude\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RSSMix {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"RSSMix/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RSSOwl {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"RSSOwl\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Rankur {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"Rankur\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RebelMouse {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"RebelMouse\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Reconnoiter {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Reconnoiter\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Reedah {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Reedah\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RepairR {
    category Spyware
    risk high
    rule "headercontent:\"RepairR\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ResearchBot {
    category Crawler
    risk low
    rule "headercontent:\"ResearchBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Riddler {
    category Crawler
    risk low
    rule "headercontent:\"Riddler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RoboForm {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"RoboForm\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Rogerbot {
    category Crawler
    risk low
    rule "headercontent:\"rogerBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RogueAntiSpyware {
    category Spyware
    rule "headercontent:\"Msobe_\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RogueSoftware.MacOS.MacProtector.A {
    category Spyware
    risk high
    rule "headercontent:\"MacProtector\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature RogueSoftware.Win32.Rclean {
    category Spyware
    risk high
    rule "headercontent:\"RCleanT\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature S.T.A.L.K.E.R. {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"S.T.A.L.K.E.R.\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SEOENGWorldBot {
    category Crawler
    risk low
    rule "headercontent:\"SEOENGWorldBot/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SWISH-E {
    category Crawler
    risk low
    rule "headercontent:\"swish-e\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SafeSearch {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"SafeSearch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SameAgent {
    category Spyware
    risk high
    rule "headercontent:\"SameAgent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Sample {
    category Spyware
    rule "headercontent:\"sample\"; useragentonly; nocase; depth:6;"
    user-defined false
}
security dos bot-signature ScanAlert {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"ScanAlert\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Scanbot {
    category Crawler
    risk low
    rule "headercontent:\"Scanbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ScrapeBox {
    category Spyware
    risk high
    rule "headercontent:\"ScrapeBox\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Scrapy {
    category "/Common/Web Spider"
    risk low
    rule "headercontent:\"Scrapy\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ScreenerBot {
    category "/Common/Spam Bot"
    rule "headercontent:\"ScreenerBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Se2011 {
    category Spyware
    risk high
    rule "headercontent:\"Se20\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SemrushBot {
    category Crawler
    risk low
    rule "headercontent:\"SemrushBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Seznam {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"SeznamBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SharpReader {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"SharpReader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ShowyouBot {
    category Crawler
    risk low
    rule "headercontent:\"ShowyouBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Shrook {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Shrook\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Siege {
    category "/Common/DOS Tool"
    rule "headercontent:\"JoeDog\"; useragentonly; nocase; headercontent:\"Siege\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SimpleClient {
    category Spyware
    risk high
    rule "headercontent:\"SimpleClient \"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SiteCheck {
    category Crawler
    risk low
    rule "headercontent:\"SiteCheck\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SiteCon {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"sitecon\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SiteLock {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"SiteLock\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SiteSnagger {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"SiteSnagger\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SiteUptime {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"SiteUptime.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Slack-ImgProxy {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Slack-ImgProxy\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Slackbot {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Slackbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SlimerJS {
    category "/Common/Headless Browser"
    rule "headercontent:\"SlimerJS\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SmokePing {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"smokeping\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Sogou {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Sogou\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Soso {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Sosospider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Springenwerk {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Springenwerk\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SputnikBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"SputnikBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature StatsInfo {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"StatsInfo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Sucuri {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"Sucuri\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Sun-Tzu {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"Sun-Tzu\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Superfeedr {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"Superfeedr\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature SurveyBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"SurveyBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Syncbot {
    category "/Common/Spam Bot"
    rule "headercontent:\"Syncbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Synopsis1.com {
    category Spyware
    risk high
    rule "headercontent:\"}sysupd{\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature TBRSS {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"TBRSS\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature TL32Sn {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"TL32Sn\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature TLSProber {
    category "/Common/Network Scanner"
    risk high
    rule "headercontent:\"TLSProber\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature TalkTalk {
    category Crawler
    risk low
    rule "headercontent:\"TalkTalk\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Techmixx {
    category Crawler
    risk low
    rule "headercontent:\"techmixx Spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Telesoft {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Telesoft\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ThumbSniper {
    category Crawler
    risk low
    rule "headercontent:\"ThumbSniper\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Thunderstone {
    category Crawler
    risk low
    rule "headercontent:\"t-h-u-n-d-e-r-s-t-o-n-e\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Tiny {
    category Spyware
    rule "headercontent:\"tiny\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature Toata {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"Toata\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Trojan-Downloader.Win32.FraudLoad.yevp {
    category Spyware
    rule "headercontent:\"Opera/9.33 (Windows NT 5.1|3b| LangID=\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature TrovitBot {
    category Crawler
    risk low
    rule "headercontent:\"trovit\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature TurnitinBot {
    category Crawler
    risk low
    rule "headercontent:\"TurnitinBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Tweetbot {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"Tweetbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Tweetmeme {
    category Crawler
    risk low
    rule "headercontent:\"TweetmemeBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Twiceler {
    category Crawler
    risk low
    rule "headercontent:\"twiceler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Twingly {
    category Crawler
    risk low
    rule "headercontent:\"twingly\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature TwitterFeed {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"TwitterFeed\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Twitterbot {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"Twitterbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Typhoeus {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Typhoeus\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature URI::Fetch {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"URI::Fetch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Uil2pn {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"uil2pn\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Uniscan {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"Uniscan\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature UniversalFeedParser {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"UniversalFeedParser\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature UniversalUserAgent(winHTTP) {
    category Spyware
    risk high
    rule "headercontent:\"UniversalUserAgent(winHTTP)\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Unknown {
    category Crawler
    risk low
    rule "headercontent:\"Unknown\"; useragentonly; nocase; depth:7;"
    user-defined false
}
security dos bot-signature Updater {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"Updater\"; useragentonly; nocase; depth:7;"
    user-defined false
}
security dos bot-signature Updowner {
    category Crawler
    risk low
    rule "headercontent:\"Updownerbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature UptimeRobot {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"UptimeRobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Uptimebot {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"uptime.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature User-Agent {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"User-Agent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature UserLM {
    category Spyware
    risk high
    rule "headercontent:\"UserLM\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature VCTestClient {
    category Spyware
    risk high
    rule "headercontent:\"VCTestClient\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature VMozilla {
    category Spyware
    risk high
    rule "headercontent:\"VMozilla\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature VaultPress {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"VaultPress\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Virut {
    category Spyware
    risk high
    rule "headercontent:\"NetLog\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature W32.Kazy {
    category Spyware
    risk high
    rule "headercontent:\"Mozilla/5.0 (Windows NT 5.1 |3b| v.\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WBSearch {
    category Crawler
    risk low
    rule "headercontent:\"WBSearchBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WEBMOLE {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"WEBMOLE\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WFARC {
    category Crawler
    risk low
    rule "headercontent:\"wfarc\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WHCC {
    category Spyware
    rule "headercontent:\"WHCC/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WISEbot {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"WISEbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WWW-Mechanize {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"WWW-Mechanize\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Watchmouse {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"watchmouse\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WeCrawlForThePeace {
    category "/Common/Web Spider"
    rule "headercontent:\"WeCrawlForThePeace\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WeLikeLinks {
    category Crawler
    risk low
    rule "headercontent:\"WeLikeLinks\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WeSEE {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"WeSEE\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WebBandit {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"WebBandit\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WebInspect {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"webinspect\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WebRoot {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"WebRoot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WebVulnScan {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"WebVulnScan\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Webbuying.net {
    category Spyware
    risk high
    rule "headercontent:\"wb v\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature Webmetrics {
    category Crawler
    risk low
    rule "headercontent:\"webmetrics\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Whatsup {
    category Crawler
    risk low
    rule "headercontent:\"whatsup\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WikiDo {
    category Crawler
    risk low
    rule "headercontent:\"WikiDo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WikiWix {
    category Crawler
    risk low
    rule "headercontent:\"wikiwix-bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Win32.Amtian.A {
    category Spyware
    risk high
    rule "headercontent:\"Win32/Amti\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Win32.OnLineGames {
    category Spyware
    risk high
    rule "headercontent:\"Revolution\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Win32.Orsam.Cosmo {
    category Spyware
    rule "headercontent:\"E.WinInet\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Win32.Phobiq {
    category Spyware
    rule "headercontent:\"FENG\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Win32.Tdss {
    category Spyware
    risk high
    rule "headercontent:\"Mozzila\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Win32.VB.aqeg {
    category Spyware
    risk high
    rule "headercontent:\"BnetWeb WebBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WinHttpRequest {
    category Crawler
    risk low
    rule "headercontent:\"WinHttpRequest\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Windows-RSS-Platform {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"Windows-RSS-Platform\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Winfixmaster.com {
    category Spyware
    risk high
    rule "headercontent:\"WinFix Master\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature WordPress {
    category Crawler
    risk high
    rule "headercontent:\"WordPress\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Wotbox {
    category "/Common/Web Spider"
    rule "headercontent:\"Wotbox\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Wusage {
    category Crawler
    risk low
    rule "headercontent:\"Wusage\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature XoviBot {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"XoviBot/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Xymon {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"xymonnet\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature YaCy {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"yacybot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature YahooCacheSystem {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"YahooCacheSystem\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature YahooSeeker {
    category Crawler
    risk low
    rule "headercontent:\"yahooseeker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Yandex {
    category "/Common/Search Engine"
    domains { .yandex.com .yandex.net .yandex.ru }
    risk low
    rule "headercontent:\"Yandex\"; useragentonly; nocase; headercontent:\"http://yandex.com/bots\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature YandexSearch {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"YandexSearch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature YetiNaverbot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"Yeti\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature YioopBot {
    category "/Common/Search Engine"
    domains { 173-13-143-7 }
    risk low
    rule "headercontent:\"yioopbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature YisouSpider {
    category Crawler
    risk low
    rule "headercontent:\"YisouSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Youdao {
    category Crawler
    risk low
    rule "headercontent:\"YodaoBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Yoyo-DDoS {
    category "/Common/DOS Tool"
    rule "headercontent:\"Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows 5.1)\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Yunyun {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"YRSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Zabbix {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"Zabbix\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ZemlyaCrawl {
    category Crawler
    risk low
    rule "headercontent:\"ZemlyaCrawl\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Zend_Http_Client {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"Zend_Http_Client\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Zing-BottaBot {
    category "/Common/Spam Bot"
    rule "headercontent:\"Zing-BottaBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ZmEu {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"ZmEu\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature Zollard {
    category "/Common/Exploit Tool"
    rule "headercontent:\"Zollard\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature aHrefs {
    category Crawler
    risk low
    rule "headercontent:\"AhrefsBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ab {
    category "/Common/DOS Tool"
    rule "headercontent:\"ApacheBench\"; useragentonly;"
    user-defined false
}
security dos bot-signature abot {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"abot\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature absinthe {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"absinthe\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature adbeat_bot {
    category Crawler
    risk low
    rule "headercontent:\"adbeat_bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature adsarobot {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"adsarobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature agdm79 {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"agdm79@mail.ru\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature aipbot {
    category "/Common/Spam Bot"
    rule "headercontent:\"aipbot/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature aolbuild {
    category Crawler
    risk low
    rule "headercontent:\"aolbuild\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature aport {
    category Crawler
    risk low
    rule "headercontent:\"aport\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature applesyndication {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"applesyndication\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature archive.org {
    category Crawler
    risk low
    rule "headercontent:\"archive.org_bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature asd {
    category Spyware
    risk high
    rule "headercontent:\"asd\"; useragentonly; nocase; depth:3;"
    user-defined false
}
security dos bot-signature atSpider {
    category "/Common/Spam Bot"
    rule "headercontent:\"atSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature athens {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"athens\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ati2qs {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"ati2qs\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature atomz {
    category Crawler
    risk low
    rule "headercontent:\"atomz\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature attache {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"attache\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature auto_plugin {
    category Spyware
    risk high
    rule "headercontent:\"auto_plugin\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature autoemailspider {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"autoemailspider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature autohttp {
    category "/Common/Web Spider"
    rule "headercontent:\"autohttp\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature automailspider {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"automailspider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ayyy-lmao {
    category Spyware
    risk high
    rule "headercontent:\"ayyy-lmao\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature b2w {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"b2w\"; useragentonly; nocase; depth:3;"
    user-defined false
}
security dos bot-signature bajun {
    category Spyware
    risk high
    rule "headercontent:\"bajun\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature betabot {
    category Spyware
    risk high
    rule "headercontent:\"betabot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature bew {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"bew\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature bilbo {
    category "/Common/Network Scanner"
    risk high
    rule "headercontent:\"bilbo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature bitlybot {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"bitlybot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature blitzbot {
    category Crawler
    risk low
    rule "headercontent:\"blitzbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature blog.erratasec.com {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"blog.erratasec.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature bloglines {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"bloglines\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature bookie {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"bookie /\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature brutus {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"brutus\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature bwh3_user_agent {
    category "/Common/Spam Bot"
    rule "headercontent:\"bwh3_user_agent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature cg-eye {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"cg-eye\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature cgichk {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"cgichk\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature changhuatong {
    category Spyware
    risk high
    rule "headercontent:\"changhuatong\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature charlotte {
    category Crawler
    risk low
    rule "headercontent:\"charlotte\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature check_http {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"check_http\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature checkgzipcompression {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"checkgzipcompression\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature chinaclaw {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"chinaclaw\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature coccoc {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"coccoc\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature combine {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"combine\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature commix {
    category "/Common/Exploit Tool"
    rule "headercontent:\"commix\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature core-project {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"core-project\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature cosmos {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"cosmos\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature crawler4j {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"crawler4j\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature crawler101-Nutch {
    category Crawler
    risk low
    rule "headercontent:\"crawler101/Nutch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature curl {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"curl/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature custo {
    category "/Common/Spam Bot"
    rule "headercontent:\"custo\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature cz32ts {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"cz32ts\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature czxt2s {
    category "/Common/Exploit Tool"
    risk high
    rule "headercontent:\"czxt2s\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature daumoa {
    category Crawler
    risk low
    rule "headercontent:\"daumoa\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature deepcrawl {
    category Crawler
    risk low
    rule "headercontent:\"deepcrawl\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature digout4uagent {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"digout4uagent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature domengood.ru {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"domengood.ru\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature dotbot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"dotbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature downforeveryoneorjustme {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"downforeveryoneorjustme\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature eCatch {
    category "/Common/E-Mail Collector"
    rule "headercontent:\"eCatch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ecollector {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"ecollector\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature eirgrabber {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"eirgrabber\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature emailcollect {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"emailcollect\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature emailharvest {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"emailharvest\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature emailmagnet {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"emailmagnet\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature emailreaper {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"emailreaper\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature emailsiphon {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"emailsiphon\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature emailwolf {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"emailwolf\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature enlle {
    category Crawler
    risk low
    rule "headercontent:\"enlle\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature extractorpro {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"extractorpro\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature fantomBrowser {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"fantomBrowser\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature fastlwspider {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"fastlwspider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature feedjira {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"feedjira\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature flatlandbot {
    category Crawler
    risk low
    rule "headercontent:\"flatlandbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature floodgate {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"floodgate\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature g2reader-bot {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"g2reader-bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature gipo-crawler {
    category Crawler
    risk low
    rule "headercontent:\"gipo-crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature gocrawl {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"gocrawl\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature gooblog {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"gooblog\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature happyoubot {
    category Crawler
    risk low
    rule "headercontent:\"happyoubot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature hawkReader {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"hawkReader\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature hhjhj@yahoo {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"hhjhj@yahoo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature hivaBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"hivaBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature hl_ftien_spider {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"hl_ftien_spider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature holmes {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"holmes/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature httprint {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"Mozilla/4.0 (httprint)\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature iCjobs {
    category Crawler
    risk low
    rule "headercontent:\"iCjobs\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature iSearch {
    category Crawler
    risk low
    rule "headercontent:\"isearch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature iSense {
    category Crawler
    risk low
    rule "headercontent:\"isense bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature iZSearch {
    category Crawler
    risk low
    rule "headercontent:\"iZSearch\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ibot {
    category Crawler
    risk low
    rule "headercontent:\"ibot\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature ichiro {
    category Crawler
    risk low
    rule "headercontent:\"ichiro\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ieautodiscovery {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"ieautodiscovery\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature imagecoccoc {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"imagecoccoc\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature info-safe.co.kr {
    category Spyware
    risk high
    rule "headercontent:\"InfoSafe\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature infolink {
    category Crawler
    risk low
    rule "headercontent:\"infolink\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature internetseer {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"internetseer\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ips-agent {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"ips-agent\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature iqdb {
    category Crawler
    risk low
    rule "headercontent:\"iqdb\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature iskanie {
    category Crawler
    risk low
    rule "headercontent:\"iskanie\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature jaascois {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"jaascois\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature jexboss {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"jexboss\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature jobo {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"jobo\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature keynote {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"keynote\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature killemall {
    category "/Common/DOS Tool"
    rule "headercontent:\"X-Bloodspear\"; useragentonly;"
    user-defined false
}
security dos bot-signature kinja {
    category Crawler
    risk low
    rule "headercontent:\"kinja\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature larbin {
    category Crawler
    risk low
    rule "headercontent:\"larbin\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature librabot {
    category Crawler
    risk low
    rule "headercontent:\"librabot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature libwww {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"libwww\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature linkapediabot {
    category Crawler
    risk low
    rule "headercontent:\"linkapediabot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature linkbot {
    category Crawler
    risk low
    rule "headercontent:\"linkbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature linkchecker {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"linkchecker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature linkdexbot {
    category Crawler
    risk low
    rule "headercontent:\"linkdexbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature linklint {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"linklint\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature lwp {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"lwp\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature lydia {
    category Crawler
    risk low
    rule "headercontent:\"lydia\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature magpie-crawler {
    category Crawler
    risk low
    rule "headercontent:\"magpie-crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature mailto:craftbot@yahoo.com {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"mailto|3A|craftbot@yahoo.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature masscan {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"masscan\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature mdms {
    category Spyware
    risk high
    rule "headercontent:\"mdms\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature metis {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"metis\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature minimysqlat0r {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"prog.CustomCrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature mon.itor.us {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"mon.itor.us\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature monitis {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"monitis\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature mothra {
    category "/Common/Spam Bot"
    rule "headercontent:\"mothra\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ms-office {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"ms-office\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature msnbot {
    category "/Common/Search Bot"
    domains { .msn.com }
    risk low
    rule "headercontent:\"msnbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature msndown {
    category Spyware
    risk high
    rule "headercontent:\"msndown\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature muCommander {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"muCommander\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature n-stealth {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"n-stealth\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature netants {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"netants\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature netscan.gtisc.gatech.edu {
    category Crawler
    risk low
    rule "headercontent:\"netscan.gtisc.gatech.edu\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature news.me {
    category "/Common/Social Media Agent"
    risk low
    rule "headercontent:\"newsme\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature nextgensearchbot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"nextgensearchbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature niki-bot {
    category "/Common/Web Spider"
    rule "headercontent:\"niki-bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature nikto {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"nikto\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature nlcrawler {
    category Crawler
    risk low
    rule "headercontent:\"nlcrawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature node-crawler {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"node-crawler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature nomad {
    category Crawler
    risk low
    rule "headercontent:\"nomad\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature npbot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"npbot\"; useragentonly; nocase; depth:5;"
    user-defined false
}
security dos bot-signature nsauditor {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"nsauditor\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature oBot {
    category Crawler
    risk low
    rule "headercontent:\"oBot/\"; useragentonly;"
    user-defined false
}
security dos bot-signature okhttp {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"okhttp/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature oku-taka-lab-bot {
    category Crawler
    risk low
    rule "headercontent:\"oku-taka-lab-bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature openindex {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"OpenindexSpider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature packrat {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"packrat\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature pangolin {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"pangolin\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature panscient.com {
    category "/Common/Spam Bot"
    rule "headercontent:\"panscient.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature paros {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"paros\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature pavuk {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"pavuk\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature pcbrowser {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"pcbrowser\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature pcsafe {
    category Spyware
    risk high
    rule "headercontent:\"pcsafe\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature perl {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"perl/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature plugin {
    category Spyware
    risk high
    rule "headercontent:\"plugin\"; useragentonly; nocase; depth:6;"
    user-defined false
}
security dos bot-signature plumtree {
    category Crawler
    risk low
    rule "headercontent:\"plumtree\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature pmafind {
    category "/Common/Web Spider"
    risk high
    rule "headercontent:\"pmafind\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature probethenet.com {
    category "/Common/Vulnerability Scanner"
    rule "headercontent:\"probethenet.com\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature psurf {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"psurf\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature pxyscand {
    category Spyware
    risk high
    rule "headercontent:\"pxyscand/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature python-requests {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"python-requests\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature qqkuyou {
    category Spyware
    risk high
    rule "headercontent:\"Open URL Application\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature random {
    category Spyware
    risk high
    rule "headercontent:\"random\"; useragentonly; nocase; depth:6;"
    user-defined false
}
security dos bot-signature rawdog {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"rawdog\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature rest-client {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"rest-client\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature revolt {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"revolt\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature rpt-http {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"rpt-http\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature rss2email {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"rss2email/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature rsync {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"rsync\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature scooter {
    category Crawler
    risk low
    rule "headercontent:\"scooter\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature seekbot {
    category Crawler
    risk low
    rule "headercontent:\"seekbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature sgrunt {
    category "/Common/Exploit Tool"
    rule "headercontent:\"sgrunt\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature shai {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"shai\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature shopwiki {
    category Crawler
    risk low
    rule "headercontent:\"shopwiki\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature siteimprove {
    category Crawler
    risk low
    rule "headercontent:\"siteimprove\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature sitescooper {
    category Crawler
    risk low
    rule "headercontent:\"sitescooper\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature snoopy {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"snoopy\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature sohu {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"sohu\"; useragentonly; nocase; depth:4;"
    user-defined false
}
security dos bot-signature sqlmap {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"sqlmap\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature squirrobot {
    category "/Common/Spam Bot"
    rule "headercontent:\"squirrobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature stackrambler {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"stackrambler\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature stagefright {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"stagefright\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature takeout {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"takeout\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature terrawizbot {
    category Crawler
    risk low
    rule "headercontent:\"terrawizbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature toweyabot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"toweyabot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature tra.cx.pider {
    category Crawler
    risk low
    rule "headercontent:\"tra.cx.pider\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature trendictionbot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"trendictionbot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature uMBot-LN {
    category Crawler
    risk low
    rule "headercontent:\"uMBot-LN\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature ultraseek {
    category Crawler
    risk low
    rule "headercontent:\"ultraseek\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature updatepatrol {
    category "/Common/Site Monitor"
    risk low
    rule "headercontent:\"updatepatrol\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature urllib {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"urllib\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature vTask {
    category Spyware
    risk high
    rule "headercontent:\"vTask\"; useragentonly;"
    user-defined false
}
security dos bot-signature vagabondo {
    category Crawler
    risk low
    rule "headercontent:\"vagabondo\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature w0000t {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"w0000t\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature w00tw00t.at.ISC.SANS.DFind:) {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "uricontent:\"w00tw00t.at.ISC.SANS.DFind:)\"; nocase;"
    user-defined false
}
security dos bot-signature w3af {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"w3af\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature w3mir {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"w3mir\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature walcome {
    category Spyware
    risk high
    rule "headercontent:\"walcome\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature wapiti {
    category "/Common/Vulnerability Scanner"
    risk high
    rule "headercontent:\"wapiti\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature waseda_koba_bot {
    category Crawler
    risk low
    rule "headercontent:\"waseda_koba_bot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature webauto {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"webauto\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature webcapture {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"webcapture\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature webcheck {
    category "/Common/HTTP Library"
    risk low
    rule "headercontent:\"webcheck\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature webcollage {
    category "/Common/Service Agent"
    risk low
    rule "headercontent:\"webcollage\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature webdate {
    category Spyware
    risk high
    rule "headercontent:\"webdate\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature webemailextrac {
    category "/Common/E-Mail Collector"
    risk high
    rule "headercontent:\"webemailextrac\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature wget {
    category "/Common/Web Downloader"
    risk low
    rule "headercontent:\"wget/\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature woobot {
    category Crawler
    risk low
    rule "headercontent:\"woobot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature x-aaaaaa {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"x-aaaaaa\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature yahoofeedseeker {
    category "/Common/RSS Reader"
    risk low
    rule "headercontent:\"yahoofeedseeker\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature yoozBot {
    category "/Common/Search Bot"
    risk low
    rule "headercontent:\"yoozBot\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature zeroup {
    category Spyware
    risk high
    rule "headercontent:\"zeroup\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature zeus {
    category "/Common/Spam Bot"
    risk high
    rule "headercontent:\"zeus\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature zgrab {
    category "/Common/Network Scanner"
    risk high
    rule "headercontent:\"zgrab\"; useragentonly; nocase;"
    user-defined false
}
security dos bot-signature-category "DOS Tool" {
    type malicious
    user-defined false
}
security dos bot-signature-category "E-Mail Collector" {
    type malicious
    user-defined false
}
security dos bot-signature-category "Exploit Tool" {
    type malicious
    user-defined false
}
security dos bot-signature-category "HTTP Library" {
    type benign
    user-defined false
}
security dos bot-signature-category "Headless Browser" {
    type benign
    user-defined false
}
security dos bot-signature-category "Network Scanner" {
    type malicious
    user-defined false
}
security dos bot-signature-category "RSS Reader" {
    type benign
    user-defined false
}
security dos bot-signature-category "Search Bot" {
    type benign
    user-defined false
}
security dos bot-signature-category "Search Engine" {
    type benign
    user-defined false
}
security dos bot-signature-category "Service Agent" {
    type benign
    user-defined false
}
security dos bot-signature-category "Site Monitor" {
    type benign
    user-defined false
}
security dos bot-signature-category "Social Media Agent" {
    type benign
    user-defined false
}
security dos bot-signature-category "Spam Bot" {
    type malicious
    user-defined false
}
security dos bot-signature-category "Vulnerability Scanner" {
    type malicious
    user-defined false
}
security dos bot-signature-category "Web Downloader" {
    type benign
    user-defined false
}
security dos bot-signature-category "Web Spider" {
    type malicious
    user-defined false
}
security dos bot-signature-category "Webserver Stress Tool" {
    type malicious
    user-defined false
}
security dos bot-signature-category Crawler {
    type benign
    user-defined false
}
security dos bot-signature-category Spyware {
    type malicious
    user-defined false
}
security dos network-whitelist dos-network-whitelist { }
security dos udp-portlist dos-udp-portlist {
    list-type exclude-listed-ports
}
security firewall config-change-log {
    log-publisher local-db-publisher
}
security firewall global-fqdn-policy { }
security firewall global-rules { }
security firewall management-ip-rules { }
security firewall on-demand-compilation { }
security firewall on-demand-rule-deploy { }
security firewall policy Outbound_FTP {
    rules {
        Outbound_FTP {
            action accept
            description "allow specific web servers in DEV DMZ ftp  access to maskaudio.upload.akamai.com"
            ip-protocol tcp
            log yes
            destination {
                port-lists {
                    FTP
                    SFTP
                }
            }
            source {
                addresses {
                    xx.107.222.31 { }
                }
                vlans {
                    Vlan422-WebSrvr-xx.xx.222.x
                }
            }
        }
        Default_Deny_All {
            action reject
            description "Deny All Else"
            log yes
        }
    }
}
security firewall port-list FTP {
    description "FTP  and FTP DATA"
    ports {
        ftp { }
        ftp-data { }
    }
}
security firewall port-list SFTP {
    ports {
        ssh { }
    }
}
security firewall port-list _sys_self_allow_tcp_defaults {
    ports {
        1029-1043 { }
        domain { }
        f5-iquery { }
        https { }
        snmp { }
        ssh { }
    }
}
security firewall port-list _sys_self_allow_udp_defaults {
    ports {
        520 { }
        cap { }
        domain { }
        f5-iquery { }
        snmp { }
    }
}
security firewall rule-list _sys_self_allow_all {
    rules {
        _sys_allow_all {
            action accept
        }
    }
}
security firewall rule-list _sys_self_allow_defaults {
    rules {
        _sys_allow_tcp_defaults {
            action accept
            ip-protocol tcp
            destination {
                port-lists {
                    _sys_self_allow_tcp_defaults
                }
            }
        }
        _sys_allow_udp_defaults {
            action accept
            ip-protocol udp
            destination {
                port-lists {
                    _sys_self_allow_udp_defaults
                }
            }
        }
        _sys_allow_ospf_defaults {
            action accept
            ip-protocol ospf
        }
        _sys_allow_pim_defaults {
            action accept
            ip-protocol pim
        }
        _sys_allow_igmp_defaults {
            action accept
            ip-protocol igmp
        }
    }
}
security firewall rule-list _sys_self_allow_management {
    rules {
        _sys_allow_ssh {
            action accept
            ip-protocol tcp
            destination {
                ports {
                    ssh { }
                }
            }
        }
        _sys_allow_web {
            action accept
            ip-protocol tcp
            destination {
                ports {
                    https { }
                }
            }
        }
    }
}
security ip-intelligence global-policy { }
security ip-intelligence policy ip-intelligence { }
security log profile splunk-logging {
    application {
        splunk-logging {
            facility local3
            local-storage disabled
            logic-operation and
            maximum-entry-length 10k
            remote-storage remote
            report-anomalies enabled
            filter {
                protocol {
                    values { all }
                }
                request-type {
                    values { illegal-including-staged-signatures }
                }
                search-all { }
            }
            format {
                type user-defined
                user-string "f5_asm=Splunk-F5-ASM,attack_type=\"%attack_type%\",date_time=\"%date_time%\",dest_ip=%dest_ip%,dest_port=%dest_port%,headers=\"%headers%\",ip_client=%ip_client%,geo_location=\"%geo_location%\",method=\"%method%\",policy_name=\"%policy_name%\",req=\"%request%\",req_status=\"%request_status%\",resp=\"%response%\",resp_code=\"%response_code%\",severity=\"%severity%\",sub_violates=\"%sub_violations%\",unit_host=\"%unit_hostname%\",uri=\"%uri%\",username=\"%username%\",violations=\"%violations%\",virus_name=\"%virus_name%\",sig_ids=\"%sig_ids%\",sig_names=\"%sig_names%\",support_id=\"%support_id%\",ip_address_intelligence=\"%ip_address_intelligence%\",violation_details=\"%violation_details%\" "
            }
            servers {
                xx.104.82.171:514 { }
            }
        }
    }
    dos-application {
        splunk-logging {
            local-publisher local-db-publisher
            remote-publisher Splunk-publisher
        }
    }
    dos-network-publisher Splunk-publisher
    ip-intelligence {
        log-publisher Splunk-publisher
        log-translation-fields enabled
    }
    network {
        splunk-logging {
            filter {
                log-acl-match-drop enabled
                log-acl-match-reject enabled
                log-ip-errors enabled
                log-tcp-errors enabled
            }
            format {
                field-list { date_time bigip_hostname acl_policy_name acl_policy_type acl_rule_name action drop_reason dest_ip dest_port src_ip src_port src_geo dest_geo protocol vlan }
                type field-list
            }
            publisher Splunk-publisher
        }
    }
    traffic-statistics {
        log-publisher Splunk-publisher
        syncookies enabled
        syncookies-whitelist enabled
    }
}
security log profile splunk-logging_local {
    application {
        splunk-logging_local {
            filter {
                protocol {
                    values { all }
                }
                request-type {
                    values { illegal-including-staged-signatures }
                }
                search-all { }
            }
            guarantee-logging enabled
        }
    }
}
sys aom { }
sys autoscale-group { }
sys cluster default {
    address xx.105.7.57/24
    members {
        1 { }
        2 { }
        3 { }
        4 { }
    }
    min-up-members 1
}
sys crypto cert wildcard.dev.maskmask.com-clientssl.crt {
    certificate-key-size 2048
    city
    common-name *.dev.maskmask.com
    country
    email-address
    expiration Jul 15 23:59:59 2020 GMT
    organization
    ou Domain Control Validated
    public-key-type RSA
    state
    subject-alternative-name DNS:dev.maskmask.com, DNS:*.dev.maskmask.com
}
sys crypto key wildcard.dev.maskmask.com-clientssl.key {
    key-size 2048
    key-type rsa-private
    security-type normal
}
sys daemon-log-settings clusterd { }
sys daemon-log-settings csyncd { }
sys daemon-log-settings icrd { }
sys daemon-log-settings lind { }
sys daemon-log-settings mcpd { }
sys daemon-log-settings tmm { }
sys datastor {
    dedup-cache-weight 0
    disk disabled
}
sys disk application-volume afmdata/2 {
    logical-disk HD1
    owner afm
    preservability precious
    size 3900
    volume-set-visibility-restraint none
}
sys disk application-volume asmdata1/2 {
    logical-disk HD1
    owner asm
    preservability precious
    size 4152
    volume-set-visibility-restraint none
}
sys disk application-volume avrdata/2 {
    logical-disk HD1
    owner avr
    preservability precious
    size 3900
    volume-set-visibility-restraint none
}
sys disk application-volume mysqldb_HD1.1/2 {
    logical-disk HD1
    owner mysql
    preservability precious
    size 12288
    volume-set-visibility-restraint HD1.1
}
sys disk application-volume mysqldb_HD1.2/2 {
    logical-disk HD1
    owner mysql
    preservability precious
    size 12288
    volume-set-visibility-restraint HD1.2
}
sys disk logical-disk HD1/2 {
    mode mixed
    size 102400
    vg-free 8172
    vg-in-use 92976
}
sys dns {
    name-servers { xx.105.2.55 xx.105.3.55 }
    search { us.mask.com }
}
sys ecm cloud-provider aws-ec2 {
    description "The aws-ec2 parameters"
    property-template {
        account { }
        availability-zone {
            valid-values { a b c d }
        }
        instance-type {
            valid-values { t2.micro t2.small t2.medium m3.medium m3.large m3.xlarge m3.2xlarge c3.large c3.xlarge c3.2xlarge c3.4xlarge c3.8xlarge r3.large r3.xlarge r3.2xlarge r3.4xlarge r3.8xlarge }
        }
        region {
            valid-values { us-east-1 us-west-1 us-west-2 sa-east-1 eu-west-1 eu-central-1 ap-southeast-2 ap-southeast-1 ap-northeast-1 }
        }
    }
}
sys ecm cloud-provider dnet {
    description "The dnet parameters"
}
sys ecm cloud-provider vsphere {
    description "The vsphere parameters"
    property-template {
        cloud-host-ip { }
        dhcp-network-name { }
        end-point-url { }
        node-name { }
    }
}
sys ecm config { }
sys feature-module cgnat {
    disabled
}
sys file ssl-cert wildcard.dev.maskmask.com-clientssl.crt {
    certificate-key-size 2048
    checksum SHA1:8112:ab2e53b9f5cc1a9436c72794c30f473b38acc512
    create-time 2018-08-09:14:22:24
    created-by root
    expiration-date 1594857599
    expiration-string "Jul 15 23:59:59 2020 GMT"
    is-bundle true
    issuer "CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB"
    key-type rsa-public
    last-update-time 2018-08-09:14:22:24
    mode 33188
    revision 1
    serial-number e1:cb:d3:75:13:6f:c0:75:df:64:a6:c9:c3:ca:6c:18
    size 8112
    source-path file:/var/config/rest/downloads/BIGIQ_Uploaded_654972c4-763a-3876-9995-e6b48fc7a139
    subject "CN=*.dev.maskmask.com,OU=EssentialSSL Wildcard,OU=Domain Control Validated"
    subject-alternative-name "DNS:dev.maskmask.com, DNS:*.dev.maskmask.com"
    updated-by root
    version 3
}
sys file ssl-key wildcard.dev.maskmask.com-clientssl.key {
    checksum SHA1:1675:5c4541e2bdcd23adbb36ca2604689f30c862c3c6
    create-time 2018-08-09:14:22:24
    created-by root
    key-size 2048
    last-update-time 2018-08-09:14:22:24
    mode 33184
    revision 1
    size 1675
    source-path file:/var/config/rest/downloads/BIGIQ_Uploaded_272802cd-80da-3e8c-aced-7c393697fbe2
    updated-by root
}
sys folder Drafts {
    device-group device-group-failover
    inherited-devicegroup true
    inherited-traffic-group true
    traffic-group traffic-group-1
}
sys folder EPSEC {
    device-group device-group-failover
    inherited-devicegroup true
    inherited-traffic-group true
    traffic-group traffic-group-1
}
sys folder datasync-global {
    device-group datasync-global-dg
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
sys fpga firmware-config {
    type standard-balanced-fpga
}
sys global-settings {
    gui-security-banner-text "################################################################################

THIS IS A PROPRIETARY mask mask HOUSE SYSTEM, RESTRICTED TO AUTHORIZED
PERSONNEL AND FOR OFFICIAL, AUTHORIZED mask mask HOUSE BUSINESS ONLY.
ANYONE USING THIS SYSTEM, NETWORK OR DATA IS SUBJECT TO MONITORING AT ANY
TIME.  ANYONE USING THIS SYSTEM THEREBY EXPRESSLY CONSENTS TO SUCH MONITORING
AND IS FURTHER ADVISED THAT ANY EVIDENCE OF CRIMINAL AND/OR OTHERWISE IMPROPER
OR UNAUTHORIZED ACTIVITY MAY BE PROVIDED TO LAW ENFORCEMENT OFFICIALS FOR
PROSECUTION AND/OR USED BY mask mask HOUSE AS IT SEES FIT.

################################################################################"
    gui-setup disabled
    hostname xx-rhwebdev1.us.mask.com
    remote-host {
        host1 {
            addr xx.104.8.12
            hostname wmtime
        }
        host2 {
            addr xx.105.3.111
            hostname nytime
        }
    }
}
sys httpd {
    auth-pam-idle-timeout 36000
    redirect-http-to-https enabled
}
sys icontrol-soap { }
sys log-config destination remote-high-speed-log remote-hsl-destination {
    description "Splunk Remote Logging"
    pool-name splunk-logs
    protocol udp
}
sys log-config destination remote-high-speed-log remote-hsl-destination-tcp {
    description "Splunk Remote Logging"
    pool-name splunk-logs-tcp
}
sys log-config destination splunk Splunk_Log_Destination {
    description "Splunk Logs"
    forward-to remote-hsl-destination
}
sys log-config destination splunk Splunk_Log_Destination-tcp {
    forward-to remote-hsl-destination-tcp
}
sys log-config publisher Splunk-publisher {
    description "Splunk Log Publisher"
    destinations {
        Splunk_Log_Destination { }
    }
}
sys log-config publisher Splunk-publisher-tcp {
    destinations {
        Splunk_Log_Destination-tcp { }
    }
}
sys log-rotate { }
sys management-dhcp sys-mgmt-dhcp-config {
    request-options { subnet-mask broadcast-address routers domain-name domain-name-servers host-name ntp-servers }
}
sys management-ovsdb {
    ca-cert-file none
    cert-file none
    cert-key-file none
    disabled
    log-level info
}
sys management-route WM-F5-MANAGEMENT {
    gateway xx.105.7.1
    network xx.104.52.0/24
}
sys management-route WM-Management-F5 {
    gateway xx.105.7.1
    network xx.104.82.0/24
}
sys management-route WMMANAGEMENT {
    gateway xx.105.7.1
    network xx.104.53.0/24
}
sys management-route JEFFNET {
    gateway xx.105.7.1
    network xx.102.253.0/24
}
sys management-route SKANET {
    gateway xx.105.7.1
    network xx.102.254.0/24
}
sys management-route NYVPN-IT {
    gateway xx.105.7.1
    network xx.105.248.0/23
}
sys management-route NYVPN {
    gateway xx.105.7.1
    network xx.105.242.0/23
}
sys management-route NYIT {
    gateway xx.105.7.1
    network xx.108.6.0/23
}
sys management-route WMIT {
    gateway xx.105.7.1
    network xx.104.115.0/24
}
sys management-route WMARCHIVE01 {
    gateway xx.105.7.1
    network xx.104.xx.30/32
}
sys management-route NYTIME {
    gateway xx.105.7.1
    network xx.105.3.111/32
}
sys management-route WMTIME {
    gateway xx.105.7.1
    network xx.104.8.12/32
}
sys management-route NYDC-5 {
    gateway xx.105.7.1
    network xx.105.3.55/32
}
sys management-route NYDC-4-new {
    gateway xx.105.7.1
    network xx.105.2.54/32
}
sys management-route NYDC-4 {
    gateway xx.105.7.1
    network xx.105.2.55/32
}
sys management-route NYDC-3 {
    gateway xx.105.7.1
    network xx.105.2.61/32
}
sys management-route NYDC-7 {
    gateway xx.105.7.1
    network xx.105.3.46/32
}
sys management-route NYDC-6 {
    gateway xx.105.7.1
    network xx.105.2.53/32
}
sys management-route WMDC-2 {
    gateway xx.105.7.1
    network xx.104.8.202/32
}
sys management-route WMDC-1 {
    gateway xx.105.7.1
    network xx.104.8.201/32
}
sys management-route default {
    gateway xx.105.7.1
    network default
}
sys ntp {
    servers { nytime.us.mask.com wmtime.us.mask.com }
    timezone America/New_York
}
sys outbound-smtp {
    mailhub localhost
}
sys provision afm {
    level nominal
}
sys provision apm {
    level nominal
}
sys provision asm {
    level nominal
}
sys provision ltm {
    level nominal
}
sys scriptd { }
sys sflow global-settings http { }
sys sflow global-settings interface { }
sys sflow global-settings system { }
sys sflow global-settings vlan { }
sys smtp-server mimecast-smtp {
    authentication-enabled
    from-address ny-f5@relay.mask.com
    password-encrypted MASKED==xxxxxx
    smtp-server-host-name us-smtp-outbound-1.mimecast.com
    smtp-server-port submission
    username ny-f5@relay.mask.com
}
sys smtp-server us-smtp-outbound-1.mimecast.com {
    authentication-enabled
    password-encrypted MASKEDXXXXXX==
    smtp-server-host-name us-smtp-outbound-1.mimecast.com
    smtp-server-port submission
    username ny-f5@relay.mask.com
}
sys snmp {
    agent-addresses { tcp6:161 udp6:161 }
    communities {
        comm-public {
            community-name public
            source default
        }
    }
    disk-monitors {
        root {
            minspace 2000
            path /
        }
        var {
            minspace 10000
            path /var
        }
    }
    process-monitors {
        bigd {
            max-processes infinity
            process bigd
        }
        chmand {
            process chmand
        }
        httpd {
            max-processes infinity
            process httpd
        }
        mcpd {
            process mcpd
        }
        sod {
            process sod
        }
        tmm {
            max-processes infinity
            process tmm
        }
    }
}
sys software block-device-hotfix Hotfix-BIGIP-11.5.4.1.0.286-HF1.iso/2 {
    app-service none
    build 1.0.286
    checksum 61c893da78a4e783859d11d5157b575c
    device-agent vcmp-virtual-cdrom
    id HF1
    product BIG-IP
    resource-id 92312520-80f7-5003-890e-492d77843b07
    title "Hotfix Version 1.0.286"
    verified yes
    version 11.5.4
}
sys software block-device-hotfix Hotfix-BIGIP-11.6.0.6.0.442-HF6.iso/2 {
    app-service none
    build 6.0.442
    checksum d41bb9e70720790cbe97771309b914b6
    device-agent vcmp-virtual-cdrom
    id HF6
    product BIG-IP
    resource-id 17410c1f-a0a7-5610-9c6b-0b91ed1b7330
    title "Hotfix Version 6.0.442"
    verified yes
    version 11.6.0
}
sys software block-device-hotfix Hotfix-BIGIP-11.6.1.1.0.326-HF1.iso/2 {
    app-service none
    build 1.0.326
    checksum 20eb2cf44950cd5491569d48fb5b2031
    device-agent vcmp-virtual-cdrom
    id HF1
    product BIG-IP
    resource-id de8684cf-bbbd-5658-b982-65bdb94aef0d
    title "Hotfix Version 1.0.326"
    verified yes
    version 11.6.1
}
sys software block-device-hotfix Hotfix-BIGIP-11.6.1.2.0.338-HF2.iso/2 {
    app-service none
    build 2.0.338
    checksum 29799272e5caac10c45b838c58832b69
    device-agent vcmp-virtual-cdrom
    id HF2
    product BIG-IP
    resource-id 1c49f8ee-ab12-59ee-a10b-ee7367e8e45c
    title "Hotfix Version 2.0.338"
    verified yes
    version 11.6.1
}
sys software block-device-image BIGIP-11.5.4.0.0.256.iso/2 {
    app-service none
    build 0.0.256
    build-date "Fri Jan 15 17 36 31 PST 2016"
    checksum aa84e70fbf58f5441252c2b2652d7a25
    device-agent vcmp-virtual-cdrom
    file-size "1712 MB"
    last-modified "Thu May 12 12:16:35 2016"
    product BIG-IP
    resource-id c89cc977-3211-5a96-abac-0c0310b6feb5
    verified yes
    version 11.5.4
}
sys software block-device-image BIGIP-11.6.0.0.0.401.iso/2 {
    app-service none
    build 0.0.401
    build-date "Mon Aug 11 21 08 03 PDT 2014"
    checksum 06b14cac9585671799982bd5d4edff75
    device-agent vcmp-virtual-cdrom
    file-size "1955 MB"
    last-modified "Thu May 12 13:25:20 2016"
    product BIG-IP
    resource-id edcbfe1f-45c5-5529-b9b1-da8abccdbdd4
    verified yes
    version 11.6.0
}
sys software block-device-image BIGIP-11.6.1.0.0.317.iso/2 {
    app-service none
    build 0.0.317
    build-date "Wed May 4 17 48 47 PDT 2016"
    checksum d7139e97b76e88440f1eaec8bdb0f3b1
    device-agent vcmp-virtual-cdrom
    file-size "1860 MB"
    last-modified "Thu Oct  6 12:56:06 2016"
    product BIG-IP
    resource-id ae9b68bc-da1f-5bd1-993c-8aef83d1b92b
    verified yes
    version 11.6.1
}
sys software block-device-image BIGIP-12.1.3.4-0.0.2.iso/2 {
    app-service none
    build 0.0.2
    build-date "Tue Apr 10 14 26 02 PDT 2018"
    checksum ac783134362b09143bb60edc0d0e1137
    device-agent vcmp-virtual-cdrom
    file-size "2009 MB"
    last-modified "Fri May 11 16:54:37 2018"
    product BIG-IP
    resource-id 08578ee0-2d36-556b-a57d-10208726a64c
    verified yes
    version 12.1.3.4
}
sys software image BIGIP-12.1.3.6-0.0.3.iso/2 {
    build 0.0.3
    build-date "Wed Jul 11 07 18 53 PDT 2018"
    checksum 734b1fdd62610875553f247c21e4b16d
    file-size "2029 MB"
    last-modified "Fri Aug 10 15:34:51 2018"
    product BIG-IP
    verified yes
    version 12.1.3.6
}
sys software update {
    auto-check enabled
    auto-phonehome enabled
    frequency weekly
}
sys software update-status GEOLOC-ISP {
    available ip-geolocation-v2-2.0.0-20180813.331.0
    check-user root
    label "Geo Location ISP Data"
    last-checked 2018-08-19:18:33:14
    last-checked-auto-mode enabled
    last-checked-version 2.0.0-20180604.321.0
    progress-status available
    url https://downloads.f5.com/esd/ecc.sv\?sw=BIG-IP&pro=big-ip_v12.x&ver=12.1.3&container=GeoLocationUpdates
}
sys software update-status GEOLOC-Region2 {
    available ip-geolocation-v2-2.0.0-20180813.331.0
    check-user root
    label "Geo Location Region2 (Worldwide) Data"
    last-checked 2018-08-19:18:33:14
    last-checked-auto-mode enabled
    last-checked-version 2.0.0-20180604.321.0
    progress-status available
    url https://downloads.f5.com/esd/ecc.sv\?sw=BIG-IP&pro=big-ip_v12.x&ver=12.1.3&container=GeoLocationUpdates
}
sys software update-status GEOLOC-v6 {
    available ip-geolocation-v2-2.0.0-20180813.331.0
    check-user root
    label "Geo Location v6 Data"
    last-checked 2018-08-19:18:33:14
    last-checked-auto-mode enabled
    last-checked-version 2.0.0-20180604.321.0
    progress-status available
    url https://downloads.f5.com/esd/ecc.sv\?sw=BIG-IP&pro=big-ip_v12.x&ver=12.1.3&container=GeoLocationUpdates
}
sys software update-status OPSWAT {
    available "OPSWAT Endpoint Security Integration Update. See readme_minimum_version.txt before install"
    check-user root
    label "EPSEC Software Version"
    last-checked 2018-08-19:18:33:14
    last-checked-auto-mode enabled
    last-checked-version 1.0.0-703.0
    progress-status available
    url https://downloads.f5.com/esd/ecc.sv\?sw=BIG-IP&pro=big-ip_v12.x&ver=12.1.3&container=epsec-1.0.0-718.0
}
sys software update-status RELEASE {
    available none
    check-user root
    label "BIG-IP Version"
    last-checked 2018-08-19:18:33:14
    last-checked-auto-mode enabled
    last-checked-version 12.1.3.6-0.0.3
    url "Software is up-to-date."
}
sys software volume HD1.1/2 {
    basebuild 0.0.2
    build 0.0.2
    media {
        HD1.1/2 {
            media hd
            size default
        }
    }
    product BIG-IP
    status complete
    version 12.1.3.4
}
sys software volume HD1.2/2 {
    active
    active-requested
    basebuild 0.0.3
    build 0.0.3
    media {
        HD1.2/2 {
            default-boot-location
            media hd
            size default
        }
    }
    product BIG-IP
    status complete
    version 12.1.3.6
}
sys software volume HD1.3/2 {
    media {
        HD1.3/2 {
            media hd
            size default
        }
    }
    status complete
}
sys sshd {
    banner enabled
    banner-text "################################################################################

THIS IS A PROPRIETARY mask mask HOUSE SYSTEM, RESTRICTED TO AUTHORIZED
PERSONNEL AND FOR OFFICIAL, AUTHORIZED mask mask HOUSE BUSINESS ONLY.
ANYONE USING THIS SYSTEM, NETWORK OR DATA IS SUBJECT TO MONITORING AT ANY
TIME.  ANYONE USING THIS SYSTEM THEREBY EXPRESSLY CONSENTS TO SUCH MONITORING
AND IS FURTHER ADVISED THAT ANY EVIDENCE OF CRIMINAL AND/OR OTHERWISE IMPROPER
OR UNAUTHORIZED ACTIVITY MAY BE PROVIDED TO LAW ENFORCEMENT OFFICIALS FOR
PROSECUTION AND/OR USED BY mask mask HOUSE AS IT SEES FIT.

################################################################################"
}
sys state-mirroring { }
sys syslog {
    kern-from notice
    remote-servers {
        wmsyslog.us.mask.com {
            host xx.104.82.171
        }
    }
}
sys url-db download-schedule urldb { }