1. Afreeca TV
F-SBID( --protocol tcp; --service http; --flow from_client; --pattern ".afreeca."; --context host; --no_case; --app_cat 5; )
2. Naver Café
F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe.naver.com"; --context host; --no_case; --app_cat 23; )
F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe"; --context host; --no_case; --within 10,context; --pattern ".naver.net"; --context host; --no_case; --app_cat 23; )
3. KakaoStory
F-SBID( --protocol tcp; --service SSL; --pattern "story.kakao.com"; --context host; --no_case; --app_cat 23; )
F-SBID( --protocol tcp; --service SSL; --pattern "story."; --context host; --no_case; --pattern ".kakaocdn.net"; --context host; --no_case; --app_cat 23; )
F-SBID( --protocol tcp; --service SSL; --pattern "story-"; --context host; --no_case; --pattern ".kakao"; --context host; --no_case; --app_cat 23; )
F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "User-Agent: "; --context header; --no_case; --pattern "KakaoStory"; --context header; --no_case; --within 20; --app_cat 23; )
FG # sh ips custom Apache.Struts.CVE.2017.5638.Custom config ips custom edit "Apache.Struts.CVE.2017.5638.Custom" set signature "F-SBID( --attack_id 7386; --name Apache.Struts.CVE.2017.5638.Custom; --protocol tcp; --service HTTP; --flow from_client; --pattern Content-Type:; --context header; --no_case; --pattern multipart/form-data; --context header; --no_case; --within 64; --pattern %{; --context header; --distance -32; --within 64; --pcre /%{[^x0a]*([^x0a]*)/i; --context header; --distance -2; )" set log-packet enable set action block set comment "CVE-2017-5638" next
'업무이야기 > Security' 카테고리의 다른 글
FortiAuthenticator FSSO 설정 (0) | 2018.05.08 |
---|---|
FortiSandbox VM package (0) | 2018.05.08 |
Fortigate SSLVPN Host Check (0) | 2018.05.08 |
FortiAnalyzer SQL database delete and rebuild (0) | 2018.05.08 |
Fortigate IP Macbindging (0) | 2018.05.08 |