Description
An IDP Rule defines a filter for matching specific network traffic. When the filter criterion is met, the IDP Rule Actions
are evaluated and possible actions taken.
Properties
- Index
- The index of the object, starting at 1. (Identifier)
- Name
- Specifies a symbolic name for the rule. (Optional)
- SourceInterface
- Specifies the name of the receiving interface to be compared to the received packet.
- DestinationInterface
- Specifies the destination interface to be compared to the received packet.
- SourceNetwork
- Specifies the sender span of IP addresses to be compared to the received packet.
- DestinationNetwork
- Specifies the span of IP addresses to be compared to the destination IP of the received packet.
- Service
- Specifies a service that will be used as a filter parameter when matching traffic with this rule.
- Schedule
- By adding a schedule to a rule, the firewall will only allow that rule to trigger at those designated times. (Optional)
- InsertionEvasion
- Protect against insertion/evastion attacks. (Default: Yes)
- URIIllegalUTF8
- Specifies what action to take if invalid UTF-8 characters are seen in a HTTP URI. (Default: Log)
- URIIllegalHex
- Specifies what action to take when invalid hexencoding (%xx) is seen in a HTTP URI. (Default: DropLog)
- URIDoubleEncode
- Specifies what action to take when seeing double encoded characters in a HTTP URI. (Default: Ignore)
- ScanLimit
- Enable Scan Limit. (Default: No)
- ScanLimitBytes
- Stop IDP scanning after this many bytes. (Default: 800)
- Attribute
- Special Attribute of the current object. (Optional)
- Comments
- Text describing the current object. (Optional)
![[Note]](images/note.png) |
Note |
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
|
Description
An IDP Rule Action specifies what signatures to search for in the network traffic, and what action to take if those
signatures are found.
Properties
- Action
- Specifies what action to take if the given signature is found. (Default: Protect)
- Signatures
- Specifies what signature(s) to search for in the network traffic. (Optional)
- ZoneDefense
- Use ZoneDefense. (Default: No)
- BlackList
- Activate BlackList. (Default: No)
- BlackListTimeToBlock
- The number of seconds that the dynamic black list should remain. (Optional)
- BlackListBlockOnlyService
- Block Service Only. (Default: No)
- BlackListIgnoreEstablished
- Ignore Established. (Default: No)
- PipeLimit
- Specifies the bandwidth limit in kbps for hosts triggered by this action.
- PipeNetwork
- Traffic shaping will only apply to hosts that are within this network. (Default: 0/0)
- PipeNewConnections
- Pipe Future Connections. (Default: No)
- PipeTimeWindow
- Throttling of new connections to and from the triggering host will stop after the configured amount of time. (Default: 10)
- Attribute
- Special Attribute of the current object. (Optional)
- LogEnabled
- Enable logging. (Default: Yes)
- LogSeverity
- Specifies with what severity log events will be sent to the specified log receivers. (Default: Default)
- Comments
- Text describing the current object. (Optional)
|
Note |
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
|
cOS Core 15.00.01 CLI Reference Guide
