Diffstat (limited to 'resource/pangu/pangu_http.json')
| -rw-r--r-- | resource/pangu/pangu_http.json | 79 |
1 files changed, 40 insertions, 39 deletions
diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json
index 945e17c..3306bf5 100644
--- a/resource/pangu/pangu_http.json
+++ b/resource/pangu/pangu_http.json
@@ -10,16 +10,19 @@
 "do_blacklist": 1,
 "do_log": 1,
 "effective_range": 0,
+ "tags":"{\"tag_sets\":[[{\"tag\":\"device_id\",\"value\":[\"device_3\",\"device_4\"]}]]}",
 "user_region": "{\"protocol\":\"http\",\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.jd.com\"}",
 "is_valid": "yes",
 "groups": [
 {
- "group_name":"http_url",
+ "virtual_table":"ATTR_HTTP_URL",
+ "group_name":"http_url",
+ "group_id":101,
 "not_flag":0,
 "regions": [
 {
 "table_name": "TSG_OBJ_URL",
- "table_type": "string",
+ "table_type": "expr",
 "table_content": {
 "keywords": "baidu.com",
 "expr_type": "regex",
@@ -28,6 +31,12 @@
 }
 }
 ]
+ },
+ {
+ "virtual_table":"ATTR_APP_ID",
+ "group_name":"app_id",
+ "group_id":201,
+ "not_flag":0
 }
 ]
 },
@@ -44,8 +53,7 @@
 "groups": [
 {
 "group_name":"http_url",
- "virtual_table":"TSG_FIELD_HTTP_URL",
- "not_flag":0
+ "virtual_table":"ATTR_HTTP_URL"
 }
 ]
 },
@@ -60,12 +68,14 @@
 "is_valid": "yes",
 "groups": [
 {
+ "virtual_table":"ATTR_HTTP_HOST_VIRTUAL",
 "group_name":"http_fqdn",
+ "group_id":102,
 "not_flag":0,
 "regions": [
 {
 "table_name": "TSG_OBJ_FQDN",
- "table_type": "string",
+ "table_type": "expr",
 "table_content": {
 "keywords": "www.126.com",
 "expr_type": "regex",
@@ -82,14 +92,14 @@
 "service": 1,
 "action": 48,
 "do_blacklist": 1,
- "do_log": 1,
+ "do_log": 1,
 "effective_range": 0,
- "user_region":"{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"大师\",\"replace_with\":\"小小\"}]}",
+ "user_region":"{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"账号登录\",\"replace_with\":\"Login\"}]}",
 "is_valid": "yes",
 "groups": [
 {
 "group_name":"http_fqdn",
- "virtual_table":"TSG_FIELD_HTTP_HOST",
+ "virtual_table":"ATTR_HTTP_HOST",
 "not_flag":0
 }
 ]
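Review bot: The `app_id` group added in the `@@ -28,6 +31,12 @@` hunk has `"group_id":201` and `"virtual_table":"ATTR_APP_ID"` but no `regions`, and the only inline definition of `app_id` (the `TSG_OBJ_APP_ID` region) is deleted in the `@@ -196,31 +212,9 @@` hunk. The redirect rule therefore gains a second condition whose content cannot be read from the rule itself; the `201` in the second-to-last field of the `http` row of `APP_ID_DICT` looks like the binding, but that is inferred from the page. If the loader treats an unresolved or empty group as match-all or as never-match, the rule's effect changes without any error. The commit description should state the binding in a sentence such as `group_id 201 (app_id) is populated from APP_ID_DICT`, and the accompanying test should check that group 201 resolves to a non-empty set.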
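Review bot: `not_flag` is dropped from the `http_url` group reference in the `@@ -44,8 +53,7 @@` hunk and from the `http_url_bing` reference in the `@@ -196,31 +212,9 @@` hunk, while the `http_fqdn` references in the `@@ -82,14 +92,14 @@` and `@@ -99,14 +109,14 @@` hunks still spell out `"not_flag":0`. A negation flag left to the loader's default is easy to misread in a policy file, and a default that differs from 0 would invert the condition. Unless the omission is itself what the fixture is meant to exercise, keep `"virtual_table":"ATTR_HTTP_URL",` followed by `"not_flag":0` so that every reference states its polarity the same way.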
@@ -99,14 +109,14 @@
 "service": 1,
 "action": 48,
 "do_blacklist": 1,
- "do_log": 1,
+ "do_log": 1,
 "effective_range": 0,
 "user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"会员\",\"replace_with\":\"用户\"}]}",
 "is_valid": "yes",
 "groups": [
 {
 "group_name":"http_fqdn",
- "virtual_table":"TSG_FIELD_DOH_QNAME",
+ "virtual_table":"ATTR_DOH_QNAME",
 "not_flag":0
 }
 ]
@@ -122,7 +132,9 @@
 "is_valid": "yes",
 "groups": [
 {
- "group_name":"http_signature_ua",
+ "virtual_table":"ATTR_HTTP_REQ_HDR",
+ "group_name":"http_signature_ua",
+ "group_id":103,
 "not_flag":0,
 "regions": [
 {
@@ -139,8 +151,10 @@
 ]
 },
 {
-
+
+ "virtual_table":"ATTR_HTTP_REQ_HDR",
 "group_name":"http_signature_cookie",
+ "group_id":104,
 "not_flag":0,
 "regions": [
 {
@@ -169,12 +183,14 @@
 "is_valid": "yes",
 "groups": [
 {
+ "virtual_table":"ATTR_HTTP_URL",
 "group_name":"http_url_bing",
+ "group_id": 105,
 "not_flag":0,
 "regions": [
 {
 "table_name": "TSG_OBJ_URL",
- "table_type": "string",
+ "table_type": "expr",
 "table_content": {
 "keywords": "bing.com",
 "expr_type": "regex",
@@ -183,7 +199,7 @@
 }
 }
 ]
- }
+ }
 ]
 },
 {
@@ -196,31 +212,9 @@
 "user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\"}",
 "is_valid": "yes",
 "groups": [
- {
- "group_name":"http_signature_ua",
- "virtual_table":"TSG_FIELD_HTTP_REQ_HDR",
- "not_flag":0
- },
 {
 "group_name":"http_url_bing",
- "virtual_table":"TSG_FIELD_HTTP_URL",
- "not_flag":0
- },
- {
- "group_name":"app_id",
- "not_flag":0,
- "regions": [
- {
- "table_name": "TSG_OBJ_APP_ID",
- "table_type": "string",
- "table_content": {
- "keywords": "http.",
- "expr_type": "regex",
- "match_method": "sub",
- "format": "uncase plain"
- }
- }
- ]
+ "virtual_table":"ATTR_HTTP_URL"
 }
 ]
 }
@@ -261,8 +255,8 @@
 {
 "table_name": "PXY_INTERCEPT_COMPILE",
 "table_content": [
- "0\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"protocol\":\"SSL\",\"keyring_for_trusted\":765,\"keyring_for_untrusted\":10,\"decryption\":0,\"tcp_option_profile\":1,\"traffic_mirror\":{\"enable\":0}}\t1\t2",
- "4\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"protocol\":\"SSL\",\"keyring_for_trusted\":1,\"keyring_for_untrusted\":10,\"decryption\":0,\"tcp_option_profile\":1,\"traffic_mirror\":{\"enable\":1,\"mirror_profile\":1234}}\t1\t2"
+ "0\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"protocol\":\"SSL\",\"keyring_for_trusted\":765,\"keyring_for_untrusted\":10,\"decryption\":0,\"tcp_option_profile\":1,\"traffic_mirror\":{\"enable\":0}}\t1\t1\t2",
+ "255119\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"protocol\":\"SSL\",\"keyring_for_trusted\":1,\"keyring_for_untrusted\":10,\"decryption\":0,\"tcp_option_profile\":1,\"traffic_mirror\":{\"enable\":1,\"mirror_profile\":1234}}\t1\t1\t2"
 ]
 },
 {
@@ -285,6 +279,13 @@
 "2\teb149984fc9c44d85ed7f12c90d818be\t1\t0",
 "3\te6573e91e6eb777c0933c5b8f97f10cd\t1\t1"
 ]
+ },
+ {
+ "table_name": "APP_ID_DICT",
+ "table_content": [
+ "67\thttp\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"drop\",\"after_n_packets\":0,\"send_icmp_unreachable\":1,\"send_tcp_reset\":1}\t0\t60\t120\t30\t30\t201\t1",
+ "68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t68000\t1"
+ ]
 }
 ]
 }
|
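Review bot: Both `PXY_INTERCEPT_COMPILE` rows in the `@@ -261,8 +255,8 @@` hunk gain one more tab-separated field (the tail goes from `\t1\t2` to `\t1\t1\t2`) and nothing on the page names the new column; the same gap applies to the nineteen positional fields of the new `APP_ID_DICT` rows in the `@@ -285,6 +279,13 @@` hunk. These records carry interception settings (`keyring_for_trusted`, `decryption`, `traffic_mirror`) and an app action (`"method":"drop"`), so a loader or reader that still assumes the old field count would shift every later field without raising an error. The commit description should list the column order for both tables, and the loader is worth checking for a strict per-row field-count test. The second row's id also changes from `4` to `255119`, which presumably has to match an id used elsewhere in the fixture, so confirm that reference was updated as well.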
