AnsweredAssumed Answered

GAIA R80.10 IPS only blocks URL-based attacks

Question asked by tom barat on Jun 11, 2018
Latest reply on Jun 12, 2018 by Dameon Welch Abernathy

Hi,

It is my first time configuring checkpoint products and i am still having some issues with the IPS.

 

I have a R80.10 firewall module with IPS enabled ( and configured in a rather strict profile) and a vulnerable web server behind it.

When I attack the web server, the IPS properly detects URL-based attack ( for instance a SQLi where the injection is in URL parameters ) but it doesn't detect or block anything that is done in the "body" of the request, for instance in POST params.

 

As i am a beginner this could be induced by a stupid configuration mistake but i did not find any sk specific to that issue.

 

Thank you in advance for your time and help.

Outcomes