1. Afreeca TV

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern ".afreeca."; --context host; --no_case; --app_cat 5; )

2. Naver Café

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe.naver.com"; --context host; --no_case; --app_cat 23; )

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe"; --context host; --no_case; --within 10,context; --pattern ".naver.net"; --context host; --no_case; --app_cat 23; )

3. KakaoStory

F-SBID( --protocol tcp; --service SSL; --pattern "story.kakao.com"; --context host; --no_case; --app_cat 23; )

F-SBID( --protocol tcp; --service SSL; --pattern "story."; --context host; --no_case; --pattern ".kakaocdn.net"; --context host; --no_case; --app_cat 23; )

F-SBID( --protocol tcp; --service SSL; --pattern "story-"; --context host; --no_case; --pattern ".kakao"; --context host; --no_case; --app_cat 23; )

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "User-Agent: "; --context header; --no_case; --pattern "KakaoStory"; --context header; --no_case; --within 20; --app_cat 23; )

FG # sh ips custom Apache.Struts.CVE.2017.5638.Custom 
config ips custom
    edit "Apache.Struts.CVE.2017.5638.Custom"
        set signature "F-SBID( --attack_id 7386; --name Apache.Struts.CVE.2017.5638.Custom; --protocol tcp; --service HTTP; --flow from_client; --pattern Content-Type:; --context header; --no_case; --pattern multipart/form-data; --context header; --no_case; --within 64; --pattern %{; --context header; --distance -32; --within 64; --pcre /%{[^x0a]*([^x0a]*)/i; --context header; --distance -2;   )"
        set log-packet enable
        set action block
        set comment "CVE-2017-5638"
    next
end

   


'업무이야기 > Fortinet' 카테고리의 다른 글

FortiAuthenticator FSSO 설정  (0) 2018.05.08
FortiSandbox VM package  (0) 2018.05.08
Custom Application Control  (0) 2018.05.08
SSLVPN Host Check  (0) 2018.05.08
FortiAnalyzer SQL database delete and rebuild  (0) 2018.05.08
IP Macbindging  (0) 2018.05.08