In the newer versions after 9.1, Palo Alto Networks now does not have 7-byte minimum length limit and is really useful, as an example, to make a signature that will block traffic to a web page if too many times the login parameter "user" is seen in the HTTP requests query or body parameters from a source IP address.
Before the "user" parameter will not be allowed as it was to small below 7 bytes, so the web app needed to be changed to use something like "username" for example.
In this article, I will show the how using the below match condition with combination match (it adds the number of the signature is triggered before taking an action) will trigger brute force protection of a web page login page.
This is also really useful for Layer 3 and Layer 4 signatures that are supported at 11.x and newer as TCP or UDP flags could be less than the previous limit!
Great post @nikoolayy1! The removal of the 7-byte minimum length requirement after PAN-OS 9.1 is a real game-changer for creating more precise signatures. Thanks for sharing this practical insight!
