List: oisf-users
Subject: Re: [Oisf-users] Block any uploading
From: "Cooper F. Nelson" <cnelson () ucsd ! edu>
Date: 2016-03-18 19:54:57
Message-ID: 56EC5D11.7060603 () ucsd ! edu
I haven't tried it personally, but here are the details on using
suricata's GeoIP functionality.
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/GeoIP
So if you were running suricata in IPS mode you could write a 'drop'
rule to detect file uploads via the web and then add a negation rule to
only allow Singapore IPs. E.g. geoip:src,!SG
*But*, I personally wouldn't do this via suricata. I would use a
reverse proxy (like Squid), or mod_security, so that blocked users would
get a web page telling them why their upload was blocked.
-Coop
On 3/17/2016 12:07 PM, Mesra.net CEO wrote:
> The rule is to filter by GeoIP so that only Singapore IPs are allowed to upload
> any files via the web; the rest will be denied. How can I make a
> Suricata rule with my requirement?
>
> Please help and thank you so much
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson@ucsd.edu x41042