Fortigate Custom Application Control

by 쫑콩아빠 2018. 5. 8.

1. Afreeca TV

 

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern ".afreeca."; --context host; --no_case; --app_cat 5; )

 

2. Naver Café

 

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe.naver.com"; --context host; --no_case; --app_cat 23; )

 

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe"; --context host; --no_case; --within 10,context; --pattern ".naver.net"; --context host; --no_case; --app_cat 23; )

 

3. KakaoStory

 

F-SBID( --protocol tcp; --service SSL; --pattern "story.kakao.com"; --context host; --no_case; --app_cat 23; )

 

F-SBID( --protocol tcp; --service SSL; --pattern "story."; --context host; --no_case; --pattern ".kakaocdn.net"; --context host; --no_case; --app_cat 23; )

 

F-SBID( --protocol tcp; --service SSL; --pattern "story-"; --context host; --no_case; --pattern ".kakao"; --context host; --no_case; --app_cat 23; )

 

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "User-Agent: "; --context header; --no_case; --pattern "KakaoStory"; --context header; --no_case; --within 20; --app_cat 23; )

 

FG # sh ips custom Apache.Struts.CVE.2017.5638.Custom
config ips custom
    edit "Apache.Struts.CVE.2017.5638.Custom"
        set signature "F-SBID( --attack_id 7386; --name Apache.Struts.CVE.2017.5638.Custom; --protocol tcp; --service HTTP; --flow from_client; --pattern Content-Type:; --context header; --no_case; --pattern multipart/form-data; --context header; --no_case; --within 64; --pattern %{; --context header; --distance -32; --within 64; --pcre /%{[^x0a]*([^x0a]*)/i; --context header; --distance -2;   )"
        set log-packet enable
        set action block
        set comment "CVE-2017-5638"
    next
end

 
