I am running an ASA w/AIP. What I would like to do is block all url request for .php except for 1 url. The engine being used for the custom signature is service-http.
I have tried ([^(allow.site)][A-Za-z][0-9])*\x2E([Pp\x50\x70][Hh\x48\x68][Pp\x50\x70])
After configuring this custom signature the IPS complains that all signatures might not fire and signatures should be retired. I've tried to reduce the signatures but the custom signature is still to demanding. My question is, are there any other suggestions as to how this can be achieved?