Hi, i have webserver and i want to block scan for website using IPS ( any type of scan which reveals server infomoration).
Is there any signature used, if not can i create custom signature (how i can do it)
The only generic signature I see that is available here is 5724.0 which detects the Nikto scanner.
Many of these web scanners use specific techniques that we will block in generic web vulnerability signatures but they are not called out specifically as blocking a scanner.
For example you can try enabling the 5930 signatures for SQL injection protection.
If you want to create a custom signature, please follow this guide:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: