AnsweredAssumed Answered

GAIA R80.10 IPS only blocks URL-based attacks

Question asked by tom barat on Jun 11, 2018
Latest reply on Jun 12, 2018 by Dameon Welch-Abernathy

Hi,

It is my first time configuring checkpoint products and i am still having some issues with the IPS.

 

I have a R80.10 firewall module with IPS enabled ( and configured in a rather strict profile) and a vulnerable web server behind it.

When I attack the web server, the IPS properly detects URL-based attack ( for instance a SQLi where the injection is in URL parameters ) but it doesn't detect or block anything that is done in the "body" of the request, for instance in POST params.

 

As i am a beginner this could be induced by a stupid configuration mistake but i did not find any sk specific to that issue.

 

Thank you in advance for your time and help.

Outcomes