Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Skywatcher
Explorer

Quantum Spark IPS question

Hi,

I received a question from customer running a 1590 box and R80.20.20 version

Can IPS detect this pattern ( \$\{\s*(j|\$?\{.+?\}) } ) 

If the test is done:

1. By the request POST

2. In the HTTP header

3. In the HTTP data stream

Or is WAF required for this?

 

Thank you

 

0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend

Looks like RegEx - why should IPS match that ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Skywatcher
Explorer

Let me see if I can have more info from the customer and see from there

0 Kudos
G_W_Albrecht
Legend Legend
Legend

In the SMB Users & Objects > Applications & URLs page you can define custom applications by Regular Expressions that match URLs - but your example will not match URLs...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Skywatcher
Explorer

Thank you, I know that, but I don't think they had that in mind.

I have some assumptions that are on the path of what @Ruan_Kotze wrote, but didn't want to get ahead of myself. 

Like I said let me see if I can get more info from the customer which may shed some light

0 Kudos
the_rock
Legend
Legend

I agree with @G_W_Albrecht . I dont think IPS can match that at all. Not sure if WAF can...maybe.

0 Kudos
Ruan_Kotze
Advisor

Long shot but perhaps worth investigating is if you can write a Snort signature containing your regex.

Once you have the Snort signature you can import it into your manager, assuming your gateway is centrally managed.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events