Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
0
Helpful
1
Replies

Customized SERVICE HTTP signatures

mhayek
Level 1
Level 1

‎12-13-2005 08:56 AM - edited ‎03-10-2019 01:47 AM

Starting this thread to gather inputs on creating custom HTTP signatures to detect specific URL sites. Has anyone used the regex in IPS 5.x to specify certain web URL to log or deny ?

Ex: Signature that can detect, log or block www.yahoo.com

Labels:
0 Helpful
1 Reply 1

mhayek
Level 1
Level 1

‎12-13-2005 09:04 AM

Here is one example, please share others:

the URI is the stuff after the URL:

Example:

www.cisco.com/index.cgi?name=billy

The URI is: /index.cgi?name=bily

The host field in http header is:

www.cisco.com

So look for [Ww][Ww][Ww][.][Cc][Ii][Ss][Cc][Oo][.][Cc][Oo][Mm] in the header section and if you know the rest of the URL you can append that section in the URI:

[\x2f\x5c][Ii][Nn][Dd][Ee][Xx][.][Cc][Gg][Ii]

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card