| author | hebingning <[email protected]> | 2024-05-30 19:38:27 +0800 |
|---|---|---|
| committer | hebingning <[email protected]> | 2024-05-30 19:38:27 +0800 |
| commit | c3f31668052e5506f27e67310e7a7979d66175b0 (patch) | |
| tree | 25c778e6c178fb6ede99d90ce2efb8d38507de0d | |
| parent | 1901b3207c063d1131ff64bfb0a1ce81fa4c1ff1 (diff) | |
commit security case
202 files changed, 11668 insertions, 254 deletions
diff --git a/createObject.py b/createObject.py index 5e7ad67..0ec27d8 100644 --- a/createObject.py +++ b/createObject.py @@ -60,7 +60,7 @@ class CreateObject(): print(dst_list) if index < run_times: erase = delConfig.Erase() - erase.del_config(token, [], self.ip_ids, self.subid_ids, self.fqdn_ids, self.url_ids, self.flag_ids, self.keywords_ids, self.account_ids, self.http_signature_ids, [], api_host, vsys_id) + erase.del_config(token, [], self.ip_ids, self.subid_ids, self.fqdn_ids, self.url_ids, self.flag_ids, self.keywords_ids, self.account_ids, self.http_signature_ids, [], [], api_host, vsys_id) else: # 将测试用例中的数据传入模板文件后创建object index = 1 @@ -225,16 +225,14 @@ class CreateObject(): items.append(string) elif is_repeat == 1 and obj_type == 'ip': for item in add_item_list: - # patterns = [] object_file = item['keywordArray'][0] - with open(object_file, 'r', encoding="utf-8-sig") as file: - lines = file.readlines() - for line in lines: + with open(object_file, 'r', encoding='utf-8-sig') as file: + for line in file: ip = line.strip() - # patterns = [] object_dict['ip_address'] = ip object_dict = dict(ip=object_dict, op='add') items.append(object_dict) + file.close() if obj_type == 'geolocation': member = dict(geolocation = geolocation, type = 'library') else: diff --git a/data/case_data/object_performance/security_deny_create_50w_ip.json b/data/case_data/object_performance/security_deny_create_1000_ip.json index e6664bc..e6664bc 100644 --- a/data/case_data/object_performance/security_deny_create_50w_ip.json +++ b/data/case_data/object_performance/security_deny_create_1000_ip.json diff --git a/data/case_data/security_rule/allow_geography_dns_qname.json b/data/case_data/security_rule/allow_geography_dns_qname.json new file mode 100644 index 0000000..712457a --- /dev/null +++ b/data/case_data/security_rule/allow_geography_dns_qname.json 
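Review bot: In createObject.py at `@@ -60,7 +60,7 @@`, the new `[]` is one of three anonymous empty lists among thirteen positional arguments to `erase.del_config`, so nothing at the call site says which ID list it fills or whether it landed in the right slot. `del_config`'s signature is outside this hunk; if it accepts keywords, passing the trailing arguments by name (using its own parameter names) would keep a later signature change from silently shifting `api_host` and `vsys_id`. At minimum, add a comment on the call stating what each `[]` stands for. The enclosing method starts and ends outside the hunk.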
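Review bot: In createObject.py at `@@ -225,16 +225,14 @@`, the added `file.close()` is redundant because the `with open(...) as file:` block already closes the handle. The page has lost its indentation, so it cannot be ruled out that the call sits inside the `for line in file:` loop, where the next read would raise `ValueError` on a closed file; the line should be dropped. Separately, the unchanged `object_dict = dict(ip=object_dict, op='add')` rebinds the name it reads, so unless `object_dict` is reset somewhere outside the hunk each appended item wraps the previous one; if `object_dict` is meant as a per-item template, `items.append(dict(ip=dict(object_dict, ip_address=ip), op='add'))` avoids that. Blank lines in the object file become empty `ip_address` values, so `if not ip: continue` after `line.strip()` is worth adding. The enclosing method begins and ends outside the hunk.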
@@ -0,0 +1,55 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "93.184.215.14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME ",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.example.com",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
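Review bot: The second condition's `"attribute_name": "ATTR_DNS_QNAME "` carries a trailing space inside the string, which will not equal `ATTR_DNS_QNAME` if the API compares attribute names exactly; allow_subid_dns_qname.json has the same value. The FQDN keyword here is `"www.jd.com"` while the command, `hope_return` and the log query all use `www.example.com`, so the rule as written would presumably not match the traffic this case generates (allow_subid_dns_qname.json uses `"www.example.com"`). Suggested values are `"attribute_name": "ATTR_DNS_QNAME"` and `"www.example.com"` in `keywordArray`.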
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_geography_ftp_allfilter.json b/data/case_data/security_rule/allow_geography_ftp_allfilter.json
new file mode 100644
index 0000000..87afaa5
--- /dev/null
+++ b/data/case_data/security_rule/allow_geography_ftp_allfilter.json
@@ -0,0 +1,87 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autotest"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "ftpuser"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "autotest",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
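Review bot: The `command` string in allow_geography_ftp_allfilter.json embeds the FTP password in clear text (`-u ftpuser:111111`), so the credential is committed with the case data and will also appear in the process list and in any log that records the command. allow_geography_ftp_uri.json, the allow_subid_ftp_* cases and the `--user` option in the mail cases do the same. If these strings are run through a shell, as the backtick substitution in the mail commands suggests, the case files are effectively executable and deserve the same review and access control as code. Consider taking the credential from the test environment, for example `curl -m 5 --netrc-file <path-to-netrc> ftp://192.168.40.206/autoFtp/english_big.txt`, and using an account that exists only on the lab server.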
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_geography_ftp_uri.json b/data/case_data/security_rule/allow_geography_ftp_uri.json
new file mode 100644
index 0000000..c492ada
--- /dev/null
+++ b/data/case_data/security_rule/allow_geography_ftp_uri.json
@@ -0,0 +1,55 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "autotest",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_geography_http_allfilter.json b/data/case_data/security_rule/allow_geography_http_allfilter.json
new file mode 100644
index 0000000..b90aef6
--- /dev/null
+++ b/data/case_data/security_rule/allow_geography_http_allfilter.json
@@ -0,0 +1,137 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "Content-Type",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "text/html"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "requestbodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "responsebodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "POST",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com"}],
+ "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"requestbodysubstring\\\",\\\"setcook\\\":\\\"asdf\\\",\\\"contenttype\\\": \\\"charset\\\",\\\"responsebody\\\": \\\"responsebodysubstring\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_geography_http_host.json b/data/case_data/security_rule/allow_geography_http_host.json
new file mode 100644
index 0000000..769788d
--- /dev/null
+++ b/data/case_data/security_rule/allow_geography_http_host.json
@@ -0,0 +1,55 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "POST",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "curl -kv http://open.node.com:180/go"
+}
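Review bot: `"hope_return": "POST"` in allow_geography_http_host.json does not fit this case's command, `curl -kv http://open.node.com:180/go`, which sends a GET; the value looks copied from allow_geography_http_allfilter.json, whose command uses `-X POST`. allow_subid_http_host.json runs the same command and expects `"open.node.com"`. Unless the lab server's reply happens to contain the word, the output check will presumably fail, so `"hope_return": "open.node.com"` is probably what was meant. `-k` has no effect on an `http://` URL and can be dropped.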
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_geography_mail_allfilter.json b/data/case_data/security_rule/allow_geography_mail_allfilter.json
new file mode 100644
index 0000000..959d60e
--- /dev/null
+++ b/data/case_data/security_rule/allow_geography_mail_allfilter.json
@@ -0,0 +1,151 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "mail_test_english.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "hala"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_FROM",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
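Review bot: In allow_geography_mail_allfilter.json the `ATTR_MAIL_CONTENT` condition is declared with `"objectSubType": ""` while every other keywords condition in these cases uses `"objectSubType": "keywords"`; allow_subid_mail_allfilter.json has the same empty value. If the object-creation code branches on the sub-type, this condition may be built differently from the rest, so `"objectSubType": "keywords"` is the safer value. `"hope_return": ""` also gives the case no command output to assert on, which leaves the hit counter and the log query as the only evidence that the rule matched.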
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_geography_mail_subject.json b/data/case_data/security_rule/allow_geography_mail_subject.json
new file mode 100644
index 0000000..be651c8
--- /dev/null
+++ b/data/case_data/security_rule/allow_geography_mail_subject.json
@@ -0,0 +1,55 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_geography_ssl_allfilter.json b/data/case_data/security_rule/allow_geography_ssl_allfilter.json
new file mode 100644
index 0000000..b2ae9e7
--- /dev/null
+++ b/data/case_data/security_rule/allow_geography_ssl_allfilter.json
@@ -0,0 +1,86 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237561",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "93.184.215.14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "example"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SSL_CN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "example"
+ ]
+ }
+ ]
+ }
+ ]
+ },{
+ "attribute_name": "ATTR_SSL_SAN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "example"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "Example Domain",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.example.com"}],
+ "command": "curl -kv https://www.example.com"
+}
diff --git a/data/case_data/security_rule/allow_geography_ssl_sni.json b/data/case_data/security_rule/allow_geography_ssl_sni.json
new file mode 100644
index 0000000..8654e77
--- /dev/null
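Review bot: `"geoname_id": "1237561"` in allow_geography_ssl_allfilter.json differs from the `"1237569"` used by every other geography case in this commit, including allow_geography_ssl_sni.json with the same `ip_address`; if that is a typo, the geolocation object may be created against a different library entry. The command uses `curl -kv`, which turns off certificate verification, so a pass says nothing about the certificate the client was actually shown. If the device under test re-signs TLS, trusting its CA with `--cacert <lab-ca.pem>` keeps the check meaningful, and otherwise `-k` can simply be removed. The other `*_ssl_*` cases use `-k` as well.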
+++ b/data/case_data/security_rule/allow_geography_ssl_sni.json
@@ -0,0 +1,56 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "93.184.215.14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "example"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+
+ "app_name_1": ["ssl"],
+ "hope_return": "Example Domain",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.example.com"}],
+ "command": "curl -kv https://www.example.com"
+ }
diff --git a/data/case_data/security_rule/allow_subid_dns_qname.json b/data/case_data/security_rule/allow_subid_dns_qname.json
new file mode 100644
index 0000000..eacdcb5
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_dns_qname.json
@@ -0,0 +1,46 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME ",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.example.com",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_subid_ftp_allfilter.json b/data/case_data/security_rule/allow_subid_ftp_allfilter.json
new file mode 100644
index 0000000..02aa70c
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_ftp_allfilter.json
@@ -0,0 +1,78 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autotest"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "ftpuser"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "autotest",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_subid_ftp_uri.json b/data/case_data/security_rule/allow_subid_ftp_uri.json
new file mode 100644
index 0000000..0449961
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_ftp_uri.json
@@ -0,0 +1,46 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "autotest",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_subid_http_allfilter.json b/data/case_data/security_rule/allow_subid_http_allfilter.json
new file mode 100644
index 0000000..ea8ce4f
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_http_allfilter.json
@@ -0,0 +1,128 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "Content-Type",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "text/html"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "requestbodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "responsebodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "open.node.com",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com"}],
+ "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"requestbodysubstring\\\",\\\"setcook\\\":\\\"asdf\\\",\\\"contenttype\\\": \\\"charset\\\",\\\"responsebody\\\": \\\"responsebodysubstring\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_subid_http_host.json b/data/case_data/security_rule/allow_subid_http_host.json
new file mode 100644
index 0000000..20687ed
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_http_host.json
@@ -0,0 +1,46 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "open.node.com",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "curl -kv http://open.node.com:180/go"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_subid_mail_allfilter.json b/data/case_data/security_rule/allow_subid_mail_allfilter.json
new file mode 100644
index 0000000..6507dd9
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_mail_allfilter.json
@@ -0,0 +1,142 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "mail_test_english.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "hala"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_FROM",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_subid_mail_subject.json b/data/case_data/security_rule/allow_subid_mail_subject.json
new file mode 100644
index 0000000..523afbb
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_mail_subject.json
@@ -0,0 +1,46 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/allow_subid_ssl_allfilter.json b/data/case_data/security_rule/allow_subid_ssl_allfilter.json
new file mode 100644
index 0000000..147e84a
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_ssl_allfilter.json
@@ -0,0 +1,77 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SSL_CN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },{
+ "attribute_name": "ATTR_SSL_SAN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "baidu",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}],
+ "command": "curl -kv https://www.baidu.com"
+}
diff --git a/data/case_data/security_rule/allow_subid_ssl_sni.json b/data/case_data/security_rule/allow_subid_ssl_sni.json
new file mode 100644
index 0000000..ffcf148
--- /dev/null
+++ b/data/case_data/security_rule/allow_subid_ssl_sni.json
@@ -0,0 +1,46 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "allow",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "baidu",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}],
+ "command": "curl -kv https://www.baidu.com"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_200_profile_geography_http_allfilter.json b/data/case_data/security_rule/deny_alert_200_profile_geography_http_allfilter.json
new file mode 100644
index 0000000..df8f4e0
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_200_profile_geography_http_allfilter.json
@@ -0,0 +1,99 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 200,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+
+ "app_name_1": ["http"],
+ "hope_return": "200",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_200_profile_geography_http_host.json b/data/case_data/security_rule/deny_alert_200_profile_geography_http_host.json
new file mode 100644
index 0000000..e1d5a3f
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_200_profile_geography_http_host.json
@@ -0,0 +1,65 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 200,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "200",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d http://open.node.com:180"
+}
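Review bot: In `deny_alert_200_profile_geography_http_allfilter.json` the expectation `"hope_return": "200"` cannot tell the injected response page from an untouched reply, because a request that reaches the origin would normally also show status 200 in the `wget -d` trace. Enforcement is then demonstrated only by `counters_1` and the `security_action` log query, not by what the client received. Expecting a string taken from the `auto_test_obj` response page would make the command output itself prove the alert page was served; the page content is not part of this commit, so the exact string has to come from that profile. The same applies to the other three `deny_alert_200_profile_*` cases.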
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_200_profile_subid_http_allfilter.json b/data/case_data/security_rule/deny_alert_200_profile_subid_http_allfilter.json
new file mode 100644
index 0000000..d2dbed4
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_200_profile_subid_http_allfilter.json
@@ -0,0 +1,90 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 200,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+
+ "app_name_1": ["http"],
+ "hope_return": "200",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_200_profile_subid_http_host.json b/data/case_data/security_rule/deny_alert_200_profile_subid_http_host.json
new file mode 100644
index 0000000..647c4ce
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_200_profile_subid_http_host.json
@@ -0,0 +1,56 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 200,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "200",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_200_text_geography_http_allfilter.json b/data/case_data/security_rule/deny_alert_200_text_geography_http_allfilter.json
new file mode 100644
index 0000000..94be3f3
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_200_text_geography_http_allfilter.json
@@ -0,0 +1,91 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 200,
+ "message_1": "test",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "test",
+ "counters_1": {},
+ "log_query_param_1": [],
+ "command": "wget -q -O- -d http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_200_text_geography_http_host.json b/data/case_data/security_rule/deny_alert_200_text_geography_http_host.json
new file mode 100644
index 0000000..48ea2c9
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_200_text_geography_http_host.json
@@ -0,0 +1,58 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 200,
+ "message_1": "test",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "test",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d http://open.node.com:180"
+}
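Review bot: `deny_alert_200_text_geography_http_allfilter.json` sets `"counters_1": {}` and `"log_query_param_1": []`, so unlike its sibling `deny_alert_200_text_geography_http_host.json` it never checks that the deny rule was hit or that a deny log was written. A case that only looks for the string `test` in the response cannot show which rule produced it, or that the action was logged. Unless the empty values are deliberate, use the sibling's checks: `"counters_1": {"hits": 1},` and `"log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],`.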
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_200_text_subid_http_allfilter.json b/data/case_data/security_rule/deny_alert_200_text_subid_http_allfilter.json
new file mode 100644
index 0000000..1100083
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_200_text_subid_http_allfilter.json
@@ -0,0 +1,82 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 200,
+ "message_1": "text",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "test",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_200_text_subid_http_host.json b/data/case_data/security_rule/deny_alert_200_text_subid_http_host.json
new file mode 100644
index 0000000..fc7d432
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_200_text_subid_http_host.json
@@ -0,0 +1,49 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 200,
+ "message_1": "test",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "test",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d http://open.node.com:180"
+}
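Review bot: In `deny_alert_200_text_subid_http_allfilter.json` the rule is configured with `"message_1": "text"` while the case expects `"hope_return": "test"`, so the alert body the rule returns does not contain the expected string. The other `deny_alert_200_text_*` cases in this commit use `"message_1": "test"`, so this looks like a typo and the line should read `"message_1": "test",`. If the case passes as committed, `hope_return` is presumably being matched against something other than the alert text, which would be worth checking.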
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_204_geography_http_allfilter.json b/data/case_data/security_rule/deny_alert_204_geography_http_allfilter.json
new file mode 100644
index 0000000..bc7e38f
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_204_geography_http_allfilter.json
@@ -0,0 +1,90 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 204,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "204",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_204_geography_http_host.json b/data/case_data/security_rule/deny_alert_204_geography_http_host.json
new file mode 100644
index 0000000..2a46980
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_204_geography_http_host.json
@@ -0,0 +1,57 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 204,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "204",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
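Review bot: The `command` in `deny_alert_204_geography_http_allfilter.json` passes both `-d` and `--debug` to wget; they are the same option, so one is redundant and the line can read `"command": "wget -q -O- -d http://open.node.com:180"`, matching the `deny_alert_200_*` cases. The same string is repeated in the other `deny_alert_204_*` cases and in the `deny_block_403_*` and `deny_block_404_*` cases of this commit. Since the debug trace is what the expectation is matched against, a bare `"hope_return": "204"` may also match digits elsewhere in the headers; matching the status line would be tighter if the harness allows it.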
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_204_subid_http_allfilter.json b/data/case_data/security_rule/deny_alert_204_subid_http_allfilter.json
new file mode 100644
index 0000000..1e1886c
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_204_subid_http_allfilter.json
@@ -0,0 +1,81 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 204,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "204",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_alert_204_subid_http_host.json b/data/case_data/security_rule/deny_alert_204_subid_http_host.json
new file mode 100644
index 0000000..662f2eb
--- /dev/null
+++ b/data/case_data/security_rule/deny_alert_204_subid_http_host.json
@@ -0,0 +1,48 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "alert",
+ "code_1": 204,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "204",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_403_profile_geography_http_allfilter.json b/data/case_data/security_rule/deny_block_403_profile_geography_http_allfilter.json
new file mode 100644
index 0000000..7e47792
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_403_profile_geography_http_allfilter.json
@@ -0,0 +1,98 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "code_1": 403,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "403",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_403_profile_geography_http_host.json b/data/case_data/security_rule/deny_block_403_profile_geography_http_host.json
new file mode 100644
index 0000000..651d92e
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_403_profile_geography_http_host.json
@@ -0,0 +1,65 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "code_1": 403,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "403",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_403_profile_subid_http_allfilter.json b/data/case_data/security_rule/deny_block_403_profile_subid_http_allfilter.json
new file mode 100644
index 0000000..fb320d4
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_403_profile_subid_http_allfilter.json
@@ -0,0 +1,89 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "code_1": 403,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "403",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_403_profile_subid_http_host.json b/data/case_data/security_rule/deny_block_403_profile_subid_http_host.json
new file mode 100644
index 0000000..fb320d4
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_403_profile_subid_http_host.json
@@ -0,0 +1,89 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "code_1": 403,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "403",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_403_text_geography_http_allfilter.json b/data/case_data/security_rule/deny_block_403_text_geography_http_allfilter.json
new file mode 100644
index 0000000..1284c08
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_403_text_geography_http_allfilter.json
@@ -0,0 +1,91 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "message_1": "test",
+ "code_1": 403,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "403",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
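Review bot: `deny_block_403_profile_subid_http_host.json` has the same content as `deny_block_403_profile_subid_http_allfilter.json` (both are blob `fb320d4`, 89 lines), so the host-only case still carries the `ATTR_HTTP_URL` and `ATTR_HTTP_REQ_HDR` conditions. As committed, the 403 block page for a subscriber-id plus FQDN match alone is never exercised, and a regression in that path would go unnoticed. Cut `obj_condition_1` down to the `ATTR_SUBSCRIBER_ID` and `ATTR_SERVER_FQDN` entries, as `deny_alert_200_profile_subid_http_host.json` does.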
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_403_text_geography_http_host.json b/data/case_data/security_rule/deny_block_403_text_geography_http_host.json
new file mode 100644
index 0000000..4c31f3a
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_403_text_geography_http_host.json
@@ -0,0 +1,58 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "message_1": "test",
+ "code_1": 403,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "403",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_403_text_subid_http_allfilter.json b/data/case_data/security_rule/deny_block_403_text_subid_http_allfilter.json
new file mode 100644
index 0000000..a3f074f
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_403_text_subid_http_allfilter.json
@@ -0,0 +1,82 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "message_1": "test",
+ "code_1": 403,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "403",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_403_text_subid_http_host.json b/data/case_data/security_rule/deny_block_403_text_subid_http_host.json
new file mode 100644
index 0000000..820ddb5
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_403_text_subid_http_host.json
@@ -0,0 +1,49 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "message_1": "test",
+ "code_1": 403,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "403",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_404_profile_geography_http_allfilter.json b/data/case_data/security_rule/deny_block_404_profile_geography_http_allfilter.json
new file mode 100644
index 0000000..c716231
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_404_profile_geography_http_allfilter.json
@@ -0,0 +1,98 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 404, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_URL", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "User-Agent", + "addItemList": [ + { + "keywordArray": [ + "Wget" + ] + } + ] + } + ] + } + ], + "profile_condition_1": [ + { + "profile_type": "response_page", + "format": "html", + "name": "auto_test_obj", + "return_data": 1 + } + ], + "app_name_1": ["http"], + "hope_return": "404", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}], + "command": "wget -q -O- -d --debug http://open.node.com:180" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_404_profile_geography_http_host.json b/data/case_data/security_rule/deny_block_404_profile_geography_http_host.json new file mode 100644 index 0000000..d2992e3 --- /dev/null +++ b/data/case_data/security_rule/deny_block_404_profile_geography_http_host.json @@ -0,0 +1,65 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 404, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + } + ], + "profile_condition_1": [ + { + "profile_type": "response_page", + "format": "html", + "name": "auto_test_obj", + "return_data": 1 + } + ], + "app_name_1": ["http"], + "hope_return": "404", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}], + "command": "wget -q -O- -d --debug http://open.node.com:180" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_404_profile_subid_http_allfilter.json b/data/case_data/security_rule/deny_block_404_profile_subid_http_allfilter.json new file mode 100644 index 0000000..e5df1bf --- /dev/null +++ b/data/case_data/security_rule/deny_block_404_profile_subid_http_allfilter.json @@ -0,0 +1,89 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 404, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_URL", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "User-Agent", + "addItemList": [ + { + "keywordArray": [ + "Wget" + ] + } + ] + } + ] + } + ], + "profile_condition_1": [ + { + "profile_type": "response_page", + "format": "html", + "name": "auto_test_obj", + "return_data": 1 + } + ], + "app_name_1": ["http"], + "hope_return": "404", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}], + "command": "wget -q -O- -d --debug http://open.node.com:180" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_404_profile_subid_http_host.json b/data/case_data/security_rule/deny_block_404_profile_subid_http_host.json
new file mode 100644
index 0000000..e5df1bf
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_404_profile_subid_http_host.json
@@ -0,0 +1,89 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "code_1": 404,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "profile_condition_1": [
+ {
+ "profile_type": "response_page",
+ "format": "html",
+ "name": "auto_test_obj",
+ "return_data": 1
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "404",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
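Review bot: `deny_block_404_profile_subid_http_host.json` is added with blob `e5df1bf`, the same blob as `deny_block_404_profile_subid_http_allfilter.json` in the preceding file section, so the two cases are byte-identical and the "host" variant still carries the `ATTR_HTTP_URL` and `ATTR_HTTP_REQ_HDR` conditions. The other `_http_host` cases in this commit (for example `deny_block_404_text_subid_http_host.json`, 49 lines) keep only the subscriber or geolocation condition plus `ATTR_SERVER_FQDN`. As committed, the FQDN-only rule shape is never exercised for the subscriber-ID plus response-page combination, which is a coverage gap in a deny policy test. Remove the last two objects of `obj_condition_1` so the array ends after the `ATTR_SERVER_FQDN` entry.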
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_404_text_geography_http_allfilter.json b/data/case_data/security_rule/deny_block_404_text_geography_http_allfilter.json new file mode 100644 index 0000000..b63dc64 --- /dev/null +++ b/data/case_data/security_rule/deny_block_404_text_geography_http_allfilter.json @@ -0,0 +1,91 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "message_1": "test", + "code_1": 404, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_URL", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "User-Agent", + "addItemList": [ + { + "keywordArray": [ + "Wget" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "404", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}], + "command": "wget -q -O- -d --debug http://open.node.com:180" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_404_text_geography_http_host.json b/data/case_data/security_rule/deny_block_404_text_geography_http_host.json new file mode 100644 index 0000000..369fd6c --- /dev/null +++ b/data/case_data/security_rule/deny_block_404_text_geography_http_host.json @@ -0,0 +1,58 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "message_1": "test", + "code_1": 404, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "404", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}], + "command": "wget -q -O- -d --debug http://open.node.com:180" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_404_text_subid_http_allfilter.json b/data/case_data/security_rule/deny_block_404_text_subid_http_allfilter.json new file mode 100644 index 0000000..6986895 --- /dev/null +++ b/data/case_data/security_rule/deny_block_404_text_subid_http_allfilter.json @@ -0,0 +1,82 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "message_1": "test", + "code_1": 404, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_URL", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "User-Agent", + "addItemList": [ + { + "keywordArray": [ + "Wget" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "404", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}], + "command": "wget -q -O- -d --debug http://open.node.com:180" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_404_text_subid_http_host.json b/data/case_data/security_rule/deny_block_404_text_subid_http_host.json new file mode 100644 index 0000000..0cc16c5 --- /dev/null +++ b/data/case_data/security_rule/deny_block_404_text_subid_http_host.json @@ -0,0 +1,49 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "message_1": "test", + "code_1": 404, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "404", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"security_action","query_value":"deny"}], + "command": "wget -q -O- -d --debug http://open.node.com:180" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_550_geography_mail_allfilter.json b/data/case_data/security_rule/deny_block_550_geography_mail_allfilter.json new file mode 100644 index 0000000..e9d3b96 --- /dev/null +++ b/data/case_data/security_rule/deny_block_550_geography_mail_allfilter.json 
@@ -0,0 +1,105 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 550, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "550", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}], + "command": "curl -kv --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email 
protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
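Review bot: The `command` string of `deny_block_550_geography_mail_allfilter.json` embeds the SMTP account password in clear text in its `--user` argument (the `:111111` suffix), and the same literal recurs in the `command` of the seven other `deny_block_550_*` / `deny_block_551_*` mail cases added by this commit. Even for a lab account this places a credential in repository history and in any log that echoes the command; the case data should carry a placeholder that the runner fills from the environment or a secrets file, e.g. `--user \"${MAIL_TEST_USER}:${MAIL_TEST_PASSWORD}\"` (constructed variable names). The string also relies on backtick command substitution (`file --mime-type ... |sed ...`), which suggests the runner hands `command` to a shell; if that is the case, write access to these JSON files amounts to command execution on the test host, so they deserve the same review as code. Separately, `-F '=(;type=multipart/mixed'` appears twice while the closing `-F '=)'` appears once; confirm the second opener is intended.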
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_550_geography_mail_subject.json b/data/case_data/security_rule/deny_block_550_geography_mail_subject.json new file mode 100644 index 0000000..c426e77 --- /dev/null +++ b/data/case_data/security_rule/deny_block_550_geography_mail_subject.json 
@@ -0,0 +1,57 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 550, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "550", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}], + "command": "curl -kv --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_550_subid_mail_allfilter.json b/data/case_data/security_rule/deny_block_550_subid_mail_allfilter.json new file mode 100644 index 0000000..50cdc11 --- /dev/null +++ b/data/case_data/security_rule/deny_block_550_subid_mail_allfilter.json 
@@ -0,0 +1,96 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 550, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "550", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}], + "command": "curl -kv --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: 
//'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_550_subid_mail_subject.json b/data/case_data/security_rule/deny_block_550_subid_mail_subject.json new file mode 100644 index 0000000..6fb4116 --- /dev/null +++ b/data/case_data/security_rule/deny_block_550_subid_mail_subject.json @@ -0,0 +1,48 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 550, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "550", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}], + "command": "curl -kv --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_551_geography_mail_allfilter.json b/data/case_data/security_rule/deny_block_551_geography_mail_allfilter.json new file mode 100644 index 0000000..7e1e03c --- /dev/null +++ b/data/case_data/security_rule/deny_block_551_geography_mail_allfilter.json 
@@ -0,0 +1,105 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 551, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "551", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}], + "command": "curl -kv --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email 
protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_block_551_geography_mail_subject.json b/data/case_data/security_rule/deny_block_551_geography_mail_subject.json new file mode 100644 index 0000000..a8c2588 --- /dev/null +++ b/data/case_data/security_rule/deny_block_551_geography_mail_subject.json 
@@ -0,0 +1,57 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "block", + "code_1": 551, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "551", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}], + "command": "curl -kv --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_551_subid_mail_allfilter.json b/data/case_data/security_rule/deny_block_551_subid_mail_allfilter.json
new file mode 100644
index 0000000..242f17f
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_551_subid_mail_allfilter.json
@@ -0,0 +1,96 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "code_1": 551,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "mail_test_english.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "hala"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "551",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}],
+ "command": "curl -kv --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
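Review bot: The `command` string hard-codes the mailbox password (`111111` in `--user`) and sends it over plain `smtp://`, so the credential sits in the repository and in any log that echoes the command. The subscriber id in this same file appears to be injected through a placeholder (`$test6473`); the login could be supplied the same way from the harness configuration, e.g. `--user \"$mail_user:$mail_password\"` (placeholder names, not existing variables). The same literal password is repeated in the other mail cases of this commit and as `-u ftpuser:111111` in the FTP cases. If these accounts exist outside the lab network, the password should be rotated once it is removed from the case files.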
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_block_551_subid_mail_subject.json b/data/case_data/security_rule/deny_block_551_subid_mail_subject.json
new file mode 100644
index 0000000..ecbf4a7
--- /dev/null
+++ b/data/case_data/security_rule/deny_block_551_subid_mail_subject.json
@@ -0,0 +1,48 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "block",
+ "code_1": 551,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "551",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"mail_account","query_value":"[email protected]"}],
+ "command": "curl -kv --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_dns_qname.json b/data/case_data/security_rule/deny_drop_icmp_geography_dns_qname.json
new file mode 100644
index 0000000..37e85e7
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_geography_dns_qname.json
@@ -0,0 +1,58 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_icmp_unreachable_1": 1,
+ "send_tcp_reset_1": 0,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "93.184.215.14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "connection timed out",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.jd.com"}],
+ "command": "nslookup www.jd.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_ftp_allfilter.json b/data/case_data/security_rule/deny_drop_icmp_geography_ftp_allfilter.json
new file mode 100644
index 0000000..1a85bc3
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_geography_ftp_allfilter.json
@@ -0,0 +1,90 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable_1": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autotest"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "ftpuser"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_ftp_uri.json b/data/case_data/security_rule/deny_drop_icmp_geography_ftp_uri.json
new file mode 100644
index 0000000..7ffa652
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_geography_ftp_uri.json
@@ -0,0 +1,58 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable_1": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_http_allfilter.json b/data/case_data/security_rule/deny_drop_icmp_geography_http_allfilter.json
new file mode 100644
index 0000000..0c248e6
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_geography_http_allfilter.json
@@ -0,0 +1,140 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "Content-Type",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "text/html"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "requestbodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "responsebodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"requestbodysubstring\\\",\\\"setcook\\\":\\\"asdf\\\",\\\"contenttype\\\": \\\"charset\\\",\\\"responsebody\\\": \\\"responsebodysubstring\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_http_host.json b/data/case_data/security_rule/deny_drop_icmp_geography_http_host.json
new file mode 100644
index 0000000..5cf1270
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_geography_http_host.json
@@ -0,0 +1,58 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "curl -kv --connect-timeout 5 -m 10 http://open.node.com:180/go"
+}
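Review bot: The ICMP flag is spelled `"send_icmp_unreachable": 1` here, without the `_1` rule suffix that the neighbouring per-rule keys carry (`send_tcp_reset_1`, `do_log_1`, `method_1`) and that the FTP, mail and DNS cases in this commit use for the same setting. If the loader resolves per-rule settings by that suffix, which this diff does not show, the key is ignored and the case exercises a plain drop instead of drop with ICMP unreachable, so it would pass without testing what its name promises. Suggested line: `"send_icmp_unreachable_1": 1,`. The same spelling is in deny_drop_icmp_geography_http_allfilter.json, deny_drop_icmp_geography_ssl_allfilter.json and deny_drop_icmp_geography_ssl_sni.json.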
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_mail_allfilter.json b/data/case_data/security_rule/deny_drop_icmp_geography_mail_allfilter.json new file mode 100644 index 0000000..e9c265d --- /dev/null +++ b/data/case_data/security_rule/deny_drop_icmp_geography_mail_allfilter.json 
@@ -0,0 +1,154 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "send_tcp_reset_1": 0, + "send_icmp_unreachable_1": 1, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_FROM", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_TO", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": 
"ATTR_MAIL_ACCOUNT", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_mail_subject.json b/data/case_data/security_rule/deny_drop_icmp_geography_mail_subject.json
new file mode 100644
index 0000000..260beaf
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_geography_mail_subject.json
@@ -0,0 +1,58 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable_1": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_ssl_allfilter.json b/data/case_data/security_rule/deny_drop_icmp_geography_ssl_allfilter.json
new file mode 100644
index 0000000..d8c4cd8
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_geography_ssl_allfilter.json
@@ -0,0 +1,89 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SSL_CN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },{
+ "attribute_name": "ATTR_SSL_SAN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}],
+ "command": "curl -kv https://www.baidu.com"
+}
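Review bot: The `command` here is `curl -kv https://www.baidu.com` with no `--connect-timeout` or `-m`, although `hope_return` expects "timed out". Every other curl-based drop case in this commit bounds the wait (`--connect-timeout 5 -m 10`, `-m 5`), so this one falls back to curl's defaults and can stall the run while it waits on an external host. Suggested value: `"command": "curl -kv --connect-timeout 5 -m 10 https://www.baidu.com"`. deny_drop_icmp_geography_ssl_sni.json uses the same command.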
diff --git a/data/case_data/security_rule/deny_drop_icmp_geography_ssl_sni.json b/data/case_data/security_rule/deny_drop_icmp_geography_ssl_sni.json
new file mode 100644
index 0000000..d8c4cd8
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_geography_ssl_sni.json
@@ -0,0 +1,89 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SSL_CN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },{
+ "attribute_name": "ATTR_SSL_SAN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}],
+ "command": "curl -kv https://www.baidu.com"
+}
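Review bot: This file is byte-identical to deny_drop_icmp_geography_ssl_allfilter.json (both have blob id `d8c4cd8`), so the `ssl_sni` case still carries the ATTR_SSL_CN and ATTR_SSL_SAN conditions and does not isolate SNI matching. The other single-filter cases in this commit (`http_host`, `ftp_uri`, `mail_subject`) keep only the geolocation or subscriber condition plus one protocol condition. If the same is intended here, remove the two certificate conditions and keep ATTR_SERVER_FQDN, so that a regression in SNI matching alone makes the case fail.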
diff --git a/data/case_data/security_rule/deny_drop_icmp_subid_dns_qname.json b/data/case_data/security_rule/deny_drop_icmp_subid_dns_qname.json
new file mode 100644
index 0000000..a1f0417
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_subid_dns_qname.json
@@ -0,0 +1,49 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_icmp_unreachable_1": 1,
+ "send_tcp_reset_1": 0,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "connection timed out",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.jd.com"}],
+ "command": "nslookup www.jd.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_subid_ftp_allfilter.json b/data/case_data/security_rule/deny_drop_icmp_subid_ftp_allfilter.json
new file mode 100644
index 0000000..27fe588
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_subid_ftp_allfilter.json
@@ -0,0 +1,81 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable_1": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autotest"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "ftpuser"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_subid_ftp_uri.json b/data/case_data/security_rule/deny_drop_icmp_subid_ftp_uri.json
new file mode 100644
index 0000000..16776dc
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_subid_ftp_uri.json
@@ -0,0 +1,49 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable_1": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_icmp_subid_mail_allfilter.json b/data/case_data/security_rule/deny_drop_icmp_subid_mail_allfilter.json new file mode 100644 index 0000000..d5d614e --- /dev/null +++ b/data/case_data/security_rule/deny_drop_icmp_subid_mail_allfilter.json 
@@ -0,0 +1,145 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "send_tcp_reset_1": 0, + "send_icmp_unreachable_1": 1, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_FROM", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_TO", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": 
[{"query_field_key":"mail_subject","query_value":"Bestman"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_icmp_subid_mail_subject.json b/data/case_data/security_rule/deny_drop_icmp_subid_mail_subject.json
new file mode 100644
index 0000000..3752854
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_icmp_subid_mail_subject.json
@@ -0,0 +1,49 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "send_tcp_reset_1": 0,
+ "send_icmp_unreachable_1": 1,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_reset_geography_ftp_allfilter.json b/data/case_data/security_rule/deny_drop_reset_geography_ftp_allfilter.json
new file mode 100644
index 0000000..d138c20
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_reset_geography_ftp_allfilter.json
@@ -0,0 +1,88 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autotest"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "ftpuser"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english.txt -u ftpuser:111111"
+}
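Review bot: The file name says `deny_drop_reset`, but the rule sets neither `send_tcp_reset_1` nor `send_icmp_unreachable_1`, so what the device sends depends on template defaults that this diff does not show. If the case is meant to cover drop with TCP reset, state it explicitly after `method_1` with `"send_tcp_reset_1": 1,` and `"send_icmp_unreachable_1": 0,`. It is also worth confirming that `"hope_return": "timed out"` is still what curl prints when the connection is reset rather than silently dropped. deny_drop_reset_geography_ftp_uri.json and deny_drop_reset_geography_http_allfilter.json have the same gap.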
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_reset_geography_ftp_uri.json b/data/case_data/security_rule/deny_drop_reset_geography_ftp_uri.json
new file mode 100644
index 0000000..ef3f2a3
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_reset_geography_ftp_uri.json
@@ -0,0 +1,56 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_reset_geography_http_allfilter.json b/data/case_data/security_rule/deny_drop_reset_geography_http_allfilter.json
new file mode 100644
index 0000000..04caa30
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_reset_geography_http_allfilter.json
@@ -0,0 +1,138 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "Content-Type",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "text/html"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "requestbodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "responsebodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"requestbodysubstring\\\",\\\"setcook\\\":\\\"asdf\\\",\\\"contenttype\\\": \\\"charset\\\",\\\"responsebody\\\": \\\"responsebodysubstring\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_reset_geography_http_host.json b/data/case_data/security_rule/deny_drop_reset_geography_http_host.json new file mode 100644 index 0000000..2584b73 --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_geography_http_host.json @@ -0,0 +1,56 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}], + "command": "curl -kv http://open.node.com:180/go" +}
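Review bot: The `command` here is `curl -kv http://open.node.com:180/go` with no `--connect-timeout` or `-m`, so when the rule silently drops the flow the case waits on curl's defaults instead of failing fast. The rate_limit sibling already uses `curl -kv --connect-timeout 5 -m 10 http://open.node.com:180/go`, and the same bound is missing in deny_drop_reset_subid_http_host.json, deny_drop_reset_geography_ssl_sni.json, deny_drop_reset_subid_ssl_allfilter.json (which expects `"timed out"`) and deny_drop_reset_subid_ssl_sni.json. Separately, `hope_return` is `"reset"` with `method_1` `"drop"`, while the http_allfilter case with the same method expects `"timed out"`. That may be intended device behaviour, but it is worth confirming that both expectations are right.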
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_reset_geography_mail_allfilter.json b/data/case_data/security_rule/deny_drop_reset_geography_mail_allfilter.json new file mode 100644 index 0000000..b94023c --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_geography_mail_allfilter.json 
@@ -0,0 +1,136 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_FROM", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_TO", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "reset", + "counters_1": {"hits": 
1}, + "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
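Review bot: The `ATTR_MAIL_FROM` and `ATTR_MAIL_TO` conditions in this "allfilter" case carry an empty `keywordArray`, so the case cannot show that sender or recipient matching contributes to the deny decision. Depending on how the API treats an empty item list, the object may be rejected or may match nothing. `ATTR_MAIL_CONTENT` also has `"objectSubType": ""` where every other keywords condition uses `"keywords"`. I would fill in the addresses the curl command actually sends and set `"objectSubType": "keywords"`, or drop the two account conditions if they are not meant to be exercised. The same applies to deny_drop_reset_subid_mail_allfilter.json, which additionally has an empty `ATTR_MAIL_ACCOUNT`.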
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_reset_geography_mail_subject.json b/data/case_data/security_rule/deny_drop_reset_geography_mail_subject.json new file mode 100644 index 0000000..a7cdf0b --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_geography_mail_subject.json @@ -0,0 +1,56 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
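Review bot: The `command` string depends on shell command substitution (the backquoted `file --mime-type … | sed …` part inside the `-F "file=@…"` argument), which implies the runner hands these JSON strings to a shell. That makes every file under data/case_data effectively executable on the test host, so changes to them deserve the same review as code. Since the attachment is a known `.txt` file, the substitution can be replaced by a literal, `type=text/plain;encoder=base64`, which would let the runner execute the command as an argument list without a shell (how the runner invokes it is not visible here). The other mail cases in this commit use the same command.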
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_reset_geography_ssl_allfilter.json b/data/case_data/security_rule/deny_drop_reset_geography_ssl_allfilter.json new file mode 100644 index 0000000..aece2d7 --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_geography_ssl_allfilter.json @@ -0,0 +1,87 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SSL_CN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + },{ + "attribute_name": "ATTR_SSL_SAN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ssl"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}], + "command": "curl -kv --connect-timeout 5 -m 10 https://www.baidu.com" +} 
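Review bot: This case expects `"hope_return": "timed out"` from `curl -kv --connect-timeout 5 -m 10 https://www.baidu.com`, a public host, so an unreachable Internet path or a DNS failure produces the same curl outcome as a working deny rule. The `counters_1` and `log_query_param_1` checks presumably guard against that false pass, but only if the harness treats them as mandatory. Pointing the SSL cases at a lab server the team controls, as the ftp and http cases do with 192.168.40.206 and open.node.com, would make the result depend only on the device under test.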
diff --git a/data/case_data/security_rule/deny_drop_reset_geography_ssl_sni.json b/data/case_data/security_rule/deny_drop_reset_geography_ssl_sni.json new file mode 100644 index 0000000..ee92c2b --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_geography_ssl_sni.json @@ -0,0 +1,87 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SSL_CN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + },{ + "attribute_name": "ATTR_SSL_SAN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ssl"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}], + "command": "curl -kv https://www.baidu.com" +}
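Review bot: The `obj_condition_1` list in this "ssl_sni" case is the same as in deny_drop_reset_geography_ssl_allfilter.json (`ATTR_SERVER_FQDN`, `ATTR_SSL_CN` and `ATTR_SSL_SAN`, all with keyword `baidu`), so it does not isolate SNI matching from certificate CN/SAN matching. If the intent is a single-filter case like the http_host and ftp_uri files, keep only the geolocation and `ATTR_SERVER_FQDN` conditions. deny_drop_reset_subid_ssl_sni.json repeats its allfilter counterpart in the same way.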
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_reset_subid_ftp_allfilter.json b/data/case_data/security_rule/deny_drop_reset_subid_ftp_allfilter.json new file mode 100644 index 0000000..f320ff0 --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_subid_ftp_allfilter.json @@ -0,0 +1,63 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_FTP_URI", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "/autoFtp/english_big.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_FTP_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "autotest" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ftp"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}], + "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111" +}
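Review bot: This "allfilter" case has no `ATTR_FTP_ACCOUNT` condition, although deny_drop_reset_geography_ftp_allfilter.json includes one with keyword `ftpuser`. As written, the subscriber-ID variant therefore never exercises account matching, while `log_query_param_1` still queries `ftp_account`. If the omission is deliberate (for example the combination is unsupported), a different file name would avoid suggesting full coverage; otherwise add the account condition as in the geography case.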
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_reset_subid_ftp_uri.json b/data/case_data/security_rule/deny_drop_reset_subid_ftp_uri.json
new file mode 100644
index 0000000..85b2d64
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_reset_subid_ftp_uri.json
@@ -0,0 +1,47 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_drop_reset_subid_http_host.json b/data/case_data/security_rule/deny_drop_reset_subid_http_host.json
new file mode 100644
index 0000000..b953f46
--- /dev/null
+++ b/data/case_data/security_rule/deny_drop_reset_subid_http_host.json
@@ -0,0 +1,47 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "drop",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "reset",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"log_count","query_value":"notEmpty"}],
+ "command": "curl -kv http://open.node.com:180/go"
+}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_reset_subid_mail_allfilter.json b/data/case_data/security_rule/deny_drop_reset_subid_mail_allfilter.json new file mode 100644 index 0000000..62ad46a --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_subid_mail_allfilter.json 
@@ -0,0 +1,143 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_FROM", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_TO", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}], + "command": "curl 
--connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_reset_subid_mail_subject.json b/data/case_data/security_rule/deny_drop_reset_subid_mail_subject.json new file mode 100644 index 0000000..adbb3a4 --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_subid_mail_subject.json @@ -0,0 +1,47 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_subject","query_value":"Bestman"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_drop_reset_subid_ssl_allfilter.json b/data/case_data/security_rule/deny_drop_reset_subid_ssl_allfilter.json new file mode 100644 index 0000000..6879e76 --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_subid_ssl_allfilter.json @@ -0,0 +1,78 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SSL_CN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + },{ + "attribute_name": "ATTR_SSL_SAN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ssl"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}], + "command": "curl -kv https://www.baidu.com" +} diff --git a/data/case_data/security_rule/deny_drop_reset_subid_ssl_sni.json b/data/case_data/security_rule/deny_drop_reset_subid_ssl_sni.json new file mode 100644 index 0000000..9f7c369 --- /dev/null +++ b/data/case_data/security_rule/deny_drop_reset_subid_ssl_sni.json 
@@ -0,0 +1,78 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "drop", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SSL_CN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + },{ + "attribute_name": "ATTR_SSL_SAN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "baidu" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ssl"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}], + "command": "curl -kv https://www.baidu.com" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_rate_limit_geography_ftp_allfilter.json b/data/case_data/security_rule/deny_rate_limit_geography_ftp_allfilter.json new file mode 100644 index 0000000..8cbdd83 --- /dev/null +++ b/data/case_data/security_rule/deny_rate_limit_geography_ftp_allfilter.json @@ -0,0 +1,89 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "rate_limit", + "bps_1": 10, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_FTP_URI", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "/autoFtp/english_big.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_FTP_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "autotest" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_FTP_ACCOUNT", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "ftpuser" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ftp"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}], + "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111" +}
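Review bot: With `"method_1": "rate_limit"` and `"bps_1": 10`, the only transport-level expectation is `"hope_return": "timed out"` from `curl -m 5 …`, which is also what a plain drop produces, so the case cannot tell throttling from blocking. A regression that turns rate limiting into a full drop would still pass. If the harness can compare numbers, appending curl's write-out, e.g. `-w '%{speed_download}'`, and asserting a non-zero rate near the configured limit would pin the behaviour; otherwise at least check that some bytes were received before the timeout. The other deny_rate_limit_* cases in this commit use the same expectation.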
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_rate_limit_geography_ftp_uri.json b/data/case_data/security_rule/deny_rate_limit_geography_ftp_uri.json new file mode 100644 index 0000000..c03fc6e --- /dev/null +++ b/data/case_data/security_rule/deny_rate_limit_geography_ftp_uri.json @@ -0,0 +1,57 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "rate_limit", + "bps_1": 10, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_FTP_URI", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "/autoFtp/english_big.txt" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ftp"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}], + "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_rate_limit_geography_http_allfilter.json b/data/case_data/security_rule/deny_rate_limit_geography_http_allfilter.json new file mode 100644 index 0000000..1d67794 --- /dev/null +++ b/data/case_data/security_rule/deny_rate_limit_geography_http_allfilter.json 
@@ -0,0 +1,139 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "rate_limit", + "bps_1": 10, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_URL", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "User-Agent", + "addItemList": [ + { + "keywordArray": [ + "Wget" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_RES_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "Content-Type", + "addItemList": [ + { + "keywordArray": [ + "text/html" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "requestbodysubstring" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_RES_BODY", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ 
+ { + "keywordArray": [ + "responsebodysubstring" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}], + "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"requestbodysubstring\\\",\\\"setcook\\\":\\\"asdf\\\",\\\"contenttype\\\": \\\"charset\\\",\\\"responsebody\\\": \\\"responsebodysubstring\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_rate_limit_geography_http_host.json b/data/case_data/security_rule/deny_rate_limit_geography_http_host.json new file mode 100644 index 0000000..753b866 --- /dev/null +++ b/data/case_data/security_rule/deny_rate_limit_geography_http_host.json @@ -0,0 +1,57 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "rate_limit", + "bps_1": 10, + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}], + "command": "curl -kv --connect-timeout 5 -m 10 http://open.node.com:180/go" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_geography_mail_allfilter.json b/data/case_data/security_rule/deny_rate_limit_geography_mail_allfilter.json
new file mode 100644
index 0000000..853d688
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_geography_mail_allfilter.json
@@ -0,0 +1,137 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "mail_test_english.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "hala"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_FROM",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key": "mail_account","query_value": "[email protected]"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
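Review bot: The `command` string in deny_rate_limit_geography_mail_allfilter.json carries the mailbox password in clear text in its `--user` argument, which puts a working credential for 192.168.40.206 into the repository history. The command already relies on shell expansion (the backtick `file --mime-type` substitution), so the secret could be read from the environment instead, e.g. `--user \"$MAIL_TEST_USER:$MAIL_TEST_PASS\"` with placeholder variable names, assuming the harness passes its environment to the shell. The same password appears in deny_rate_limit_geography_mail_subject.json, in both deny_rate_limit_subid_mail_* cases, and as `-u ftpuser:111111` in the two deny_rate_limit_subid_ftp_* cases. If these accounts are reused anywhere outside the test lab they should be rotated.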
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_geography_mail_subject.json b/data/case_data/security_rule/deny_rate_limit_geography_mail_subject.json
new file mode 100644
index 0000000..36a6a0a
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_geography_mail_subject.json
@@ -0,0 +1,57 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key": "mail_account","query_value": "[email protected]"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_geography_ssl_allfilter.json b/data/case_data/security_rule/deny_rate_limit_geography_ssl_allfilter.json
new file mode 100644
index 0000000..57c0953
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_geography_ssl_allfilter.json
@@ -0,0 +1,88 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SSL_CN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },{
+ "attribute_name": "ATTR_SSL_SAN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}],
+ "command": "curl -kv --connect-timeout 5 -m 10 https://www.baidu.com"
+}
diff --git a/data/case_data/security_rule/deny_rate_limit_geography_ssl_sni.json b/data/case_data/security_rule/deny_rate_limit_geography_ssl_sni.json
new file mode 100644
index 0000000..71e5b3a
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_geography_ssl_sni.json
@@ -0,0 +1,57 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}],
+ "command": "curl -kv --connect-timeout 5 -m 10 https://www.baidu.com"
+}
diff --git a/data/case_data/security_rule/deny_rate_limit_subid_ftp_allfilter.json b/data/case_data/security_rule/deny_rate_limit_subid_ftp_allfilter.json
new file mode 100644
index 0000000..19734a8
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_subid_ftp_allfilter.json
@@ -0,0 +1,80 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autotest"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "ftpuser"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_subid_ftp_uri.json b/data/case_data/security_rule/deny_rate_limit_subid_ftp_uri.json
new file mode 100644
index 0000000..d93f28a
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_subid_ftp_uri.json
@@ -0,0 +1,48 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_subid_http_allfilter.json b/data/case_data/security_rule/deny_rate_limit_subid_http_allfilter.json
new file mode 100644
index 0000000..8cafbf8
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_subid_http_allfilter.json
@@ -0,0 +1,130 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "Content-Type",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "text/html"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "requestbodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "responsebodysubstring"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"requestbodysubstring\\\",\\\"setcook\\\":\\\"asdf\\\",\\\"contenttype\\\": \\\"charset\\\",\\\"responsebody\\\": \\\"responsebodysubstring\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_subid_http_host.json b/data/case_data/security_rule/deny_rate_limit_subid_http_host.json
new file mode 100644
index 0000000..29d7213
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_subid_http_host.json
@@ -0,0 +1,48 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "curl -kv --connect-timeout 5 -m 10 http://open.node.com:180/go"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_subid_mail_allfilter.json b/data/case_data/security_rule/deny_rate_limit_subid_mail_allfilter.json
new file mode 100644
index 0000000..4b34b03
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_subid_mail_allfilter.json
@@ -0,0 +1,128 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "mail_test_english.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "hala"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_FROM",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key": "mail_account","query_value": "[email protected]"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_subid_mail_subject.json b/data/case_data/security_rule/deny_rate_limit_subid_mail_subject.json
new file mode 100644
index 0000000..447caa5
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_subid_mail_subject.json
@@ -0,0 +1,48 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Bestman"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key": "mail_account","query_value": "[email protected]"}],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_rate_limit_subid_ssl_allfilter.json b/data/case_data/security_rule/deny_rate_limit_subid_ssl_allfilter.json
new file mode 100644
index 0000000..a258ce5
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_subid_ssl_allfilter.json
@@ -0,0 +1,79 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SSL_CN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ },{
+ "attribute_name": "ATTR_SSL_SAN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}],
+ "command": "curl -kv --connect-timeout 5 -m 10 https://www.baidu.com"
+}
diff --git a/data/case_data/security_rule/deny_rate_limit_subid_ssl_sni.json b/data/case_data/security_rule/deny_rate_limit_subid_ssl_sni.json
new file mode 100644
index 0000000..9b669cf
--- /dev/null
+++ b/data/case_data/security_rule/deny_rate_limit_subid_ssl_sni.json
@@ -0,0 +1,48 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "rate_limit",
+ "bps_1": 10,
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "baidu"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.baidu.com"}],
+ "command": "curl -kv --connect-timeout 5 -m 10 https://www.baidu.com"
+}
diff --git a/data/case_data/security_rule/deny_redirect_303_geography_http_allfilter.json b/data/case_data/security_rule/deny_redirect_303_geography_http_allfilter.json
new file mode 100644
index 0000000..06f2857
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_303_geography_http_allfilter.json
@@ -0,0 +1,91 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "code_1": 303,
+ "method_1": "redirect",
+ "to_1": "https://www.baidu.com",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "百度一下",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
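Review bot: `"hope_return": "百度一下"` in deny_redirect_303_geography_http_allfilter.json asserts on text served by www.baidu.com after wget has followed the redirect, not on the 303 response the rule is supposed to produce. The case therefore depends on a third-party page staying reachable and unchanged, and it cannot tell a 303 from any other redirect code. `wget -d` already prints the response headers, so matching on `Location: https://www.baidu.com`, or stopping at the first response with `--max-redirect=0`, would check the rule itself, provided the harness captures stderr. The other three deny_redirect_303_* cases share this expectation.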
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_303_geography_http_url.json b/data/case_data/security_rule/deny_redirect_303_geography_http_url.json
new file mode 100644
index 0000000..0ab7654
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_303_geography_http_url.json
@@ -0,0 +1,58 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "code_1": 303,
+ "method_1": "redirect",
+ "to_1": "https://www.baidu.com",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "百度一下",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_303_subid_http_allfilter.json b/data/case_data/security_rule/deny_redirect_303_subid_http_allfilter.json
new file mode 100644
index 0000000..59ca59e
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_303_subid_http_allfilter.json
@@ -0,0 +1,82 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "code_1": 303,
+ "method_1": "redirect",
+ "to_1": "https://www.baidu.com",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_REQ_HDR",
+ "objectType": "http_signature",
+ "objectSubType": "http_signature",
+ "objectList": [
+ {
+ "contextName" : "User-Agent",
+ "addItemList": [
+ {
+ "keywordArray": [
+ "Wget"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "百度一下",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_303_subid_http_host.json b/data/case_data/security_rule/deny_redirect_303_subid_http_host.json
new file mode 100644
index 0000000..b91b4c4
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_303_subid_http_host.json
@@ -0,0 +1,49 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "code_1": 303,
+ "method_1": "redirect",
+ "to_1": "https://www.baidu.com",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "open.node.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "百度一下",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}],
+ "command": "wget -q -O- -d --debug http://open.node.com:180"
+}
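Review bot: deny_redirect_303_subid_http_host.json is named as a host-match case, but its second condition is `ATTR_HTTP_URL` with `objectType` `url`, the same attribute deny_redirect_303_geography_http_url.json uses, so the 303 redirect is never exercised against a host match. The sibling deny_rate_limit_subid_http_host.json uses the FQDN attribute for its host case. If host matching is intended, the condition should read `"attribute_name": "ATTR_SERVER_FQDN"`, `"objectType": "fqdn"`, `"objectSubType": "fqdn"`; otherwise the file should be renamed to end in `_http_url.json` so the coverage gap is visible.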
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_AAAA_cname_profile_geography_qname.json b/data/case_data/security_rule/deny_redirect_AAAA_cname_profile_geography_qname.json
new file mode 100644
index 0000000..537932e
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_AAAA_cname_profile_geography_qname.json
@@ -0,0 +1,79 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "profile_condition_1": [
+ {
+ "profile_type": "dns_record",
+ "type": "CNAME",
+ "value": "www.www.www"
+ }
+ ],
+ "resolution_1":[
+ {
+ "qtype":"AAAA",
+ "answer":[
+ {
+ "atype":"CNAME",
+ "record_id": "",
+ "selected_num": 1,
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.www.www",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_AAAA_cname_profile_subid_qname.json b/data/case_data/security_rule/deny_redirect_AAAA_cname_profile_subid_qname.json
new file mode 100644
index 0000000..25cbfba
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_AAAA_cname_profile_subid_qname.json
@@ -0,0 +1,70 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "profile_condition_1": [
+ {
+ "profile_type": "dns_record",
+ "type": "CNAME",
+ "value": "www.www.www"
+ }
+ ],
+ "resolution_1":[
+ {
+ "qtype":"AAAA",
+ "answer":[
+ {
+ "atype":"CNAME",
+ "record_id": "",
+ "selected_num": 1,
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.www.www",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.jd.com"}],
+ "command": "nslookup www.jd.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_AAAA_cname_text_geography_qname.json b/data/case_data/security_rule/deny_redirect_AAAA_cname_text_geography_qname.json
new file mode 100644
index 0000000..7ece670
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_AAAA_cname_text_geography_qname.json
@@ -0,0 +1,71 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "resolution_1":[
+ {
+ "qtype":"AAAA",
+ "answer":[
+ {
+ "atype":"CNAME",
+ "value":"www.www.www",
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.www.www",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_AAAA_cname_text_subid_qname.json b/data/case_data/security_rule/deny_redirect_AAAA_cname_text_subid_qname.json
new file mode 100644
index 0000000..6eecf3d
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_AAAA_cname_text_subid_qname.json
@@ -0,0 +1,62 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "resolution_1":[
+ {
+ "qtype":"AAAA",
+ "answer":[
+ {
+ "atype":"CNAME",
+ "value":"www.www.www",
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.www.www",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
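Review bot: The rule and the probe disagree on the query name: the `ATTR_DNS_QNAME` object holds `www.jd.com`, while `log_query_param_1` and `command` both use `www.example.com`. As written, the lookup does not match the FQDN condition, so the redirect to `www.www.www` and the `"hits": 2` counter cannot be attributed to this rule. The sibling case `deny_redirect_A_cname_text_subid_qname.json` uses `www.jd.com` in all three places; the same here would be `"query_value":"www.jd.com"` and `"command": "nslookup www.jd.com -timeout=1"`.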
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_AAAA_profile_geography_qname.json b/data/case_data/security_rule/deny_redirect_AAAA_profile_geography_qname.json
new file mode 100644
index 0000000..786b5fd
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_AAAA_profile_geography_qname.json
@@ -0,0 +1,79 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "profile_condition_1": [
+ {
+ "profile_type": "dns_record",
+ "type": "AAAA",
+ "value": "1050:0:0:0:5:600:300c:326b"
+ }
+ ],
+ "resolution_1":[
+ {
+ "qtype":"AAAA",
+ "answer":[
+ {
+ "atype":"AAAA",
+ "record_id": "",
+ "selected_num": 1,
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "326b",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
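Review bot: `"hope_return": "326b"` checks only the last hextet of the redirect address `1050:0:0:0:5:600:300c:326b`. Assuming the harness does a substring match on the command output, an unrelated answer that happens to contain `326b` would also pass. A longer fragment that still survives zero-compression in the printed address, `"hope_return": "5:600:300c:326b"`, ties the expectation to the configured record. The other AAAA cases in this commit use `326b` or `300c` the same way.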
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_AAAA_profile_subid_qname.json b/data/case_data/security_rule/deny_redirect_AAAA_profile_subid_qname.json
new file mode 100644
index 0000000..29d7f6f
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_AAAA_profile_subid_qname.json
@@ -0,0 +1,70 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "profile_condition_1": [
+ {
+ "profile_type": "dns_record",
+ "type": "AAAA",
+ "value": "1050:0:0:0:5:600:300c:326b"
+ }
+ ],
+ "resolution_1":[
+ {
+ "qtype":"AAAA",
+ "answer":[
+ {
+ "atype":"AAAA",
+ "record_id": "",
+ "selected_num": 1,
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "326b",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_AAAA_text_geography_qname.json b/data/case_data/security_rule/deny_redirect_AAAA_text_geography_qname.json
new file mode 100644
index 0000000..c3782e5
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_AAAA_text_geography_qname.json
@@ -0,0 +1,71 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "resolution_1":[
+ {
+ "qtype":"AAAA",
+ "answer":[
+ {
+ "atype":"AAAA",
+ "value":"1050:0:0:0:5:600:300c:326b",
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "300c",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_AAAA_text_subid_qname.json b/data/case_data/security_rule/deny_redirect_AAAA_text_subid_qname.json
new file mode 100644
index 0000000..645abd8
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_AAAA_text_subid_qname.json
@@ -0,0 +1,71 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "resolution_1":[
+ {
+ "qtype":"AAAA",
+ "answer":[
+ {
+ "atype":"AAAA",
+ "value":"1050:0:0:0:5:600:300c:326b",
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "300c",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
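Review bot: This file is named `..._text_subid_qname.json`, but `obj_condition_1` contains no `ATTR_SUBSCRIBER_ID` entry. Its first condition is `ATTR_DESTINATION_GEO_COUNTRY`, the same block as in `deny_redirect_AAAA_text_geography_qname.json` with only `ip_address` changed to `192.168.40.206`. The AAAA text-record redirect is therefore never exercised with a subscriber-ID condition, and a regression on that path would go unnoticed while the suite still reports the case as covered. The other `*_subid_qname.json` cases in this commit use the `subscriberid` object with `"$test6473"`; the geolocation entry here should presumably be replaced by that object.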
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_A_cname_profile_geography_qname.json b/data/case_data/security_rule/deny_redirect_A_cname_profile_geography_qname.json
new file mode 100644
index 0000000..542c025
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_A_cname_profile_geography_qname.json
@@ -0,0 +1,79 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "profile_condition_1": [
+ {
+ "profile_type": "dns_record",
+ "type": "CNAME",
+ "value": "www.www.www"
+ }
+ ],
+ "resolution_1":[
+ {
+ "qtype":"A",
+ "answer":[
+ {
+ "atype":"CNAME",
+ "record_id": "",
+ "selected_num": 1,
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.www.www",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_A_cname_profile_subid_qname.json b/data/case_data/security_rule/deny_redirect_A_cname_profile_subid_qname.json
new file mode 100644
index 0000000..02f2019
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_A_cname_profile_subid_qname.json
@@ -0,0 +1,70 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "profile_condition_1": [
+ {
+ "profile_type": "dns_record",
+ "type": "CNAME",
+ "value": "www.www.www"
+ }
+ ],
+ "resolution_1":[
+ {
+ "qtype":"A",
+ "answer":[
+ {
+ "atype":"CNAME",
+ "record_id": "",
+ "selected_num": 1,
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.www.www",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.jd.com"}],
+ "command": "nslookup www.jd.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_A_cname_text_geography_qname.json b/data/case_data/security_rule/deny_redirect_A_cname_text_geography_qname.json
new file mode 100644
index 0000000..d02fe7b
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_A_cname_text_geography_qname.json
@@ -0,0 +1,71 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "resolution_1":[
+ {
+ "qtype":"A",
+ "answer":[
+ {
+ "atype":"CNAME",
+ "value":"www.www.www",
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.www.www",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.jd.com -timeout=1"
+}
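Review bot: The `command` looks up `www.jd.com`, while the `ATTR_DNS_QNAME` object and `log_query_param_1` are both `www.example.com`. The probe does not match the rule's FQDN condition, so the redirect expectation and the `"hits": 2` counter are checked against traffic the rule is not written for. The command should read `"command": "nslookup www.example.com -timeout=1"`, as in the sibling `deny_redirect_AAAA_cname_text_geography_qname.json`.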
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_A_cname_text_subid_qname.json b/data/case_data/security_rule/deny_redirect_A_cname_text_subid_qname.json
new file mode 100644
index 0000000..f8fc099
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_A_cname_text_subid_qname.json
@@ -0,0 +1,62 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "resolution_1":[
+ {
+ "qtype":"A",
+ "answer":[
+ {
+ "atype":"CNAME",
+ "value":"www.www.www",
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.www.www",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.jd.com"}],
+ "command": "nslookup www.jd.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_A_profile_geography_qname.json b/data/case_data/security_rule/deny_redirect_A_profile_geography_qname.json
new file mode 100644
index 0000000..db4b322
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_A_profile_geography_qname.json
@@ -0,0 +1,79 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "profile_condition_1": [
+ {
+ "profile_type": "dns_record",
+ "type": "A",
+ "value": "1.1.1.1"
+ }
+ ],
+ "resolution_1":[
+ {
+ "qtype":"A",
+ "answer":[
+ {
+ "atype":"A",
+ "record_id": "",
+ "selected_num": 1,
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "1.1.1.1",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_A_profile_subid_qname.json b/data/case_data/security_rule/deny_redirect_A_profile_subid_qname.json
new file mode 100644
index 0000000..dda006e
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_A_profile_subid_qname.json
@@ -0,0 +1,70 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "profile_condition_1": [
+ {
+ "profile_type": "dns_record",
+ "type": "A",
+ "value": "1.1.1.1"
+ }
+ ],
+ "resolution_1":[
+ {
+ "qtype":"A",
+ "answer":[
+ {
+ "atype":"A",
+ "record_id": "",
+ "selected_num": 1,
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "1.1.1.1",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.jd.com"}],
+ "command": "nslookup www.jd.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_A_text_geograohy_qname.json b/data/case_data/security_rule/deny_redirect_A_text_geograohy_qname.json
new file mode 100644
index 0000000..5a2c2de
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_A_text_geograohy_qname.json
@@ -0,0 +1,71 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "resolution_1":[
+ {
+ "qtype":"A",
+ "answer":[
+ {
+ "atype":"A",
+ "value":"1.1.1.1",
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "1.1.1.1",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
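Review bot: The new file is created as `deny_redirect_A_text_geograohy_qname.json`, with `geograohy` misspelled, while every sibling case is named `..._geography_qname.json`. If cases are selected by file name or glob (not visible in this diff), this one would be skipped without any error and the A/text/geography redirect would lose its coverage. Renaming it to `deny_redirect_A_text_geography_qname.json` keeps the set consistent; the content itself matches the other geography cases.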
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_redirect_A_text_subid_qname.json b/data/case_data/security_rule/deny_redirect_A_text_subid_qname.json
new file mode 100644
index 0000000..98f587c
--- /dev/null
+++ b/data/case_data/security_rule/deny_redirect_A_text_subid_qname.json
@@ -0,0 +1,62 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "redirect",
+ "resolution_1":[
+ {
+ "qtype":"A",
+ "answer":[
+ {
+ "atype":"A",
+ "value":"1.1.1.1",
+ "ttl":{
+ "min":300,
+ "max":300
+ }
+ }
+ ]
+ }
+],
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.jd.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "1.1.1.1",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.jd.com"}],
+ "command": "nslookup www.jd.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_tamper_geography_dns_qname.json b/data/case_data/security_rule/deny_tamper_geography_dns_qname.json
new file mode 100644
index 0000000..3f7b178
--- /dev/null
+++ b/data/case_data/security_rule/deny_tamper_geography_dns_qname.json
@@ -0,0 +1,56 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "tamper",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "121.14.154.93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "objectType": "fqdn",
+ "objectSubType": "",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "NXDOMAIN",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [{"query_field_key":"dns_qname","query_value":"www.example.com"}],
+ "command": "nslookup www.example.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_tamper_geography_ftp_allfilter.json b/data/case_data/security_rule/deny_tamper_geography_ftp_allfilter.json
new file mode 100644
index 0000000..8324a58
--- /dev/null
+++ b/data/case_data/security_rule/deny_tamper_geography_ftp_allfilter.json
@@ -0,0 +1,88 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "tamper",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autotest"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "ftpuser"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "reset",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
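Review bot: The `command` commits a working account and password to the repository, `-u ftpuser:111111`. Passing it with `-u` also exposes the password in the process list of the test host while curl runs. The same literal appears in `deny_tamper_geography_ftp_uri.json` and in the `--user "...:111111"` argument of `deny_tamper_geography_mail_allfilter.json`. Credentials for lab services are better kept out of case data, for example `"command": "curl -m 5 --netrc-file <NETRC_PATH_PLACEHOLDER> ftp://192.168.40.206/autoFtp/english_big.txt"` with the file provisioned on the runner. If the account is reused outside the test bed, the password should also be rotated now that it is in history.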
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_tamper_geography_ftp_uri.json b/data/case_data/security_rule/deny_tamper_geography_ftp_uri.json
new file mode 100644
index 0000000..8cfe4b9
--- /dev/null
+++ b/data/case_data/security_rule/deny_tamper_geography_ftp_uri.json
@@ -0,0 +1,56 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "tamper",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "reset",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_tamper_geography_http_allfilter.json b/data/case_data/security_rule/deny_tamper_geography_http_allfilter.json
new file mode 100644
index 0000000..60d4934
--- /dev/null
+++ b/data/case_data/security_rule/deny_tamper_geography_http_allfilter.json
@@ -0,0 +1,138 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_URL", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "User-Agent", + "addItemList": [ + { + "keywordArray": [ + "Wget" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_RES_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "Content-Type", + "addItemList": [ + { + "keywordArray": [ + "text/html" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "requestbodysubstring" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_RES_BODY", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + 
"keywordArray": [ + "responsebodysubstring" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}], + "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"requestbodysubstring\\\",\\\"setcook\\\":\\\"asdf\\\",\\\"contenttype\\\": \\\"charset\\\",\\\"responsebody\\\": \\\"responsebodysubstring\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_tamper_geography_http_host.json b/data/case_data/security_rule/deny_tamper_geography_http_host.json
new file mode 100644
index 0000000..a3078dd
--- /dev/null
+++ b/data/case_data/security_rule/deny_tamper_geography_http_host.json
@@ -0,0 +1,56 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "tamper",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "111.2.182.231"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "*yumi.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"log_count","query_value":"notEmpty"}],
+ "command": "curl -kv --connect-timeout 5 -m 10 www.yumi.com"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_tamper_geography_mail_allfilter.json b/data/case_data/security_rule/deny_tamper_geography_mail_allfilter.json
new file mode 100644
index 0000000..222deaa
--- /dev/null
+++ b/data/case_data/security_rule/deny_tamper_geography_mail_allfilter.json
@@ -0,0 +1,136 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_FROM", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_TO", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "163.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "timeout", + 
"counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_from_cmd","query_value":"[email protected]"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
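Review bot: In deny_tamper_geography_mail_allfilter.json the `ATTR_MAIL_FROM` and `ATTR_MAIL_TO` conditions are added with an empty `keywordArray`, so this "allfilter" case does not say which sender or recipient it is meant to match. How the object-creation code treats an empty list is not visible in this hunk; whether the objects end up empty or are rejected, the deny verdict cannot be attributed to those two attributes. Either fill them with the addresses passed to `--mail-from` and `--mail-rcpt` in the command, or drop the two condition blocks. deny_tamper_subid_mail_allfilter.json carries the same blob (222deaa) and the same gap.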
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_geography_mail_subject.json b/data/case_data/security_rule/deny_tamper_geography_mail_subject.json new file mode 100644 index 0000000..aa00dcd --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_geography_mail_subject.json @@ -0,0 +1,56 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "timeout", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_from_cmd","query_value":"[email protected]"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
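Review bot: The `command` string in deny_tamper_geography_mail_subject.json carries the mailbox password inline (`--user \"[email protected]:111111\"`), and the same pattern appears in the mail_allfilter and shunt mail cases and in the FTP cases (`-u ftpuser:111111`). Even for a lab server, credentials committed as case data travel with every clone and every log line that echoes the command; a placeholder the runner fills from its environment, for example `--user \"[email protected]:${MAIL_TEST_PASSWORD}\"` (variable name is illustrative), keeps them out of the tree. The backtick `file --mime-type … | sed` substitution also means the string only works when handed to a shell, so these JSON files should be reviewed and access-controlled as executable code rather than as plain data.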
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_geography_ssl_allfilter.json b/data/case_data/security_rule/deny_tamper_geography_ssl_allfilter.json new file mode 100644 index 0000000..48f8332 --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_geography_ssl_allfilter.json @@ -0,0 +1,88 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "93.184.215.14" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "example" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SSL_CN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "example" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SSL_SAN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "example" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ssl"], + "hope_return": "bad signature", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.example.com"}], + "command": "curl --connect-timeout 5 -m 5 https://www.example.com" +} 
diff --git a/data/case_data/security_rule/deny_tamper_geography_ssl_sni.json b/data/case_data/security_rule/deny_tamper_geography_ssl_sni.json new file mode 100644 index 0000000..ec980ab --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_geography_ssl_sni.json @@ -0,0 +1,56 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "93.184.215.14" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "www.example.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ssl"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.example.com"}], + "command": "curl -kv --connect-timeout 5 -m 10 https://www.example.com" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_subid_dns_qname.json b/data/case_data/security_rule/deny_tamper_subid_dns_qname.json new file mode 100644 index 0000000..c2d6bf3 --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_subid_dns_qname.json @@ -0,0 +1,47 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_SUBSCRIBER_ID", + "objectType": "subscriberid", + "objectSubType": "subscriberid", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "$test6473" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_DNS_QNAME", + "objectType": "fqdn", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "www.jd.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["dns"], + "hope_return": "NXDOMAIN", + "counters_1": {"hits": 2}, + "log_query_param_1": [{"query_field_key":"log_count","query_value":"notEmpty"}], + "command": "nslookup www.jd.com -timeout=1" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/deny_tamper_subid_ftp_allfilter.json b/data/case_data/security_rule/deny_tamper_subid_ftp_allfilter.json
new file mode 100644
index 0000000..8324a58
--- /dev/null
+++ b/data/case_data/security_rule/deny_tamper_subid_ftp_allfilter.json
@@ -0,0 +1,88 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "tamper",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "192.168.40.206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_URI",
+ "objectType": "url",
+ "objectSubType": "url",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "/autoFtp/english_big.txt"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_CONTENT",
+ "objectType": "keywords",
+ "objectSubType": "keywords",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "autotest"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_FTP_ACCOUNT",
+ "objectType": "account",
+ "objectSubType": "account",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "ftpuser"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "reset",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
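Review bot: deny_tamper_subid_ftp_allfilter.json is named `subid`, but its `obj_condition_1` holds only `ATTR_DESTINATION_GEO_COUNTRY` and the three FTP attributes; there is no `ATTR_SUBSCRIBER_ID` condition, so the deny verdict is never tied to a subscriber. The same holds for deny_tamper_subid_ftp_uri.json and deny_tamper_subid_http_allfilter.json, and the subid http_host, mail_allfilter, mail_subject, ssl_allfilter and ssl_sni files are byte-identical to their `geography` counterparts (same blob ids a3078dd, 222deaa, aa00dcd, 48f8332, ec980ab). As committed, the suite reports subscriber-ID coverage for tamper rules that it does not exercise. Whether the subscriber condition should replace or accompany the geolocation one cannot be told from the diff; either way the block already used in deny_tamper_subid_dns_qname.json would be placed first in the array, as below.

```json
  "obj_condition_1": [
    {
      "attribute_name": "ATTR_SUBSCRIBER_ID",
      "objectType": "subscriberid",
      "objectSubType": "subscriberid",
      "objectList": [
        {
          "addItemList": [
            {
              "keywordArray": [
                "$test6473"
              ]
            }
          ]
        }
      ]
    },
```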
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_subid_ftp_uri.json b/data/case_data/security_rule/deny_tamper_subid_ftp_uri.json new file mode 100644 index 0000000..8cfe4b9 --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_subid_ftp_uri.json @@ -0,0 +1,56 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_FTP_URI", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "/autoFtp/english_big.txt" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ftp"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ftp_account","query_value":"ftpuser"}], + "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_subid_http_allfilter.json b/data/case_data/security_rule/deny_tamper_subid_http_allfilter.json new file mode 100644 index 0000000..60d4934 --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_subid_http_allfilter.json 
@@ -0,0 +1,138 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_URL", + "objectType": "url", + "objectSubType": "url", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "open.node.com" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "User-Agent", + "addItemList": [ + { + "keywordArray": [ + "Wget" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_RES_HDR", + "objectType": "http_signature", + "objectSubType": "http_signature", + "objectList": [ + { + "contextName" : "Content-Type", + "addItemList": [ + { + "keywordArray": [ + "text/html" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "requestbodysubstring" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_HTTP_RES_BODY", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + 
"keywordArray": [ + "responsebodysubstring" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"http_host","query_value":"open.node.com:180"}], + "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"requestbodysubstring\\\",\\\"setcook\\\":\\\"asdf\\\",\\\"contenttype\\\": \\\"charset\\\",\\\"responsebody\\\": \\\"responsebodysubstring\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_subid_http_host.json b/data/case_data/security_rule/deny_tamper_subid_http_host.json new file mode 100644 index 0000000..a3078dd --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_subid_http_host.json @@ -0,0 +1,56 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "111.2.182.231" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "*yumi.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "timed out", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"log_count","query_value":"notEmpty"}], + "command": "curl -kv --connect-timeout 5 -m 10 www.yumi.com" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_subid_mail_allfilter.json b/data/case_data/security_rule/deny_tamper_subid_mail_allfilter.json new file mode 100644 index 0000000..222deaa --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_subid_mail_allfilter.json 
@@ -0,0 +1,136 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_NAME", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "mail_test_english.txt" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ATT_CONTENT", + "objectType": "keywords", + "objectSubType": "keywords", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "hala" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_FROM", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_TO", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "objectType": "account", + "objectSubType": "account", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "163.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "timeout", + 
"counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_from_cmd","query_value":"[email protected]"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_subid_mail_subject.json b/data/case_data/security_rule/deny_tamper_subid_mail_subject.json new file mode 100644 index 0000000..aa00dcd --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_subid_mail_subject.json @@ -0,0 +1,56 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_MAIL_SUBJECT", + "objectType": "keywords", + "objectSubType": "", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "Bestman" + ] + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "timeout", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"mail_from_cmd","query_value":"[email protected]"}], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/deny_tamper_subid_ssl_allfilter.json b/data/case_data/security_rule/deny_tamper_subid_ssl_allfilter.json new file mode 100644 index 0000000..48f8332 --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_subid_ssl_allfilter.json @@ -0,0 +1,88 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "93.184.215.14" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "example" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SSL_CN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "example" + ] + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SSL_SAN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "example" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ssl"], + "hope_return": "bad signature", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.example.com"}], + "command": "curl --connect-timeout 5 -m 5 https://www.example.com" +} 
diff --git a/data/case_data/security_rule/deny_tamper_subid_ssl_sni.json b/data/case_data/security_rule/deny_tamper_subid_ssl_sni.json new file mode 100644 index 0000000..ec980ab --- /dev/null +++ b/data/case_data/security_rule/deny_tamper_subid_ssl_sni.json @@ -0,0 +1,56 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "deny", + "method_1": "tamper", + "do_log_1": 2, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "93.184.215.14" + } + ] + } + ] + }, + { + "attribute_name": "ATTR_SERVER_FQDN", + "objectType": "fqdn", + "objectSubType": "fqdn", + "objectList": [ + { + "addItemList": [ + { + "keywordArray": [ + "www.example.com" + ] + } + ] + } + ] + } + ], + "app_name_1": ["ssl"], + "hope_return": "reset", + "counters_1": {"hits": 1}, + "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.example.com"}], + "command": "curl -kv --connect-timeout 5 -m 10 https://www.example.com" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/security_deny_drop_gre.json b/data/case_data/security_rule/security_deny_drop_gre.json
new file mode 100644
index 0000000..009a739
--- /dev/null
+++ b/data/case_data/security_rule/security_deny_drop_gre.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 0,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "11.11.11.73",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["gre"],
+ "hope_return": "POST",
+ "counters_1": {"hits": 0},
+ "log_query_param_1": [],
+ "command": "curl http://10.10.10.206:180"
+}
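Review bot: security_deny_drop_gre.json expects `"counters_1": {"hits": 0}` and a successful response (`"hope_return": "POST"`) from a plain `curl http://10.10.10.206:180`, so it passes whenever the deny rule does not match, including when the rule was never installed or enforced. That makes it a no-over-match check for HTTP traffic rather than evidence that GRE traffic from `11.11.11.73` is dropped, which is what the file name promises. If the negative check is the intent, a name that says so (for example a `_no_match_http` suffix) would avoid reading it as drop coverage. A companion case that sends traffic over the GRE path and asserts `"counters_1": {"hits": 1}` would cover the positive side; the hunk does not show whether the test bed can generate such traffic.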
\ No newline at end of file diff --git a/data/case_data/security_rule/shunt_geography_dns.json b/data/case_data/security_rule/shunt_geography_dns.json new file mode 100644 index 0000000..5c760e3 --- /dev/null +++ b/data/case_data/security_rule/shunt_geography_dns.json @@ -0,0 +1,39 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "shunt", + "do_log_1": 0, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "121.14.154.93" + } + ] + } + ] + } + ], + "app_name_1": ["dns"], + "hope_return": "www.example.com", + "counters_1": {"hits": 2}, + "log_query_param_1": [], + "command": "nslookup www.example.com -timeout=1" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/shunt_geography_ftp.json b/data/case_data/security_rule/shunt_geography_ftp.json new file mode 100644 index 0000000..3bcfd35 --- /dev/null +++ b/data/case_data/security_rule/shunt_geography_ftp.json @@ -0,0 +1,39 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "shunt", + "do_log_1": 0, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + } + ], + "app_name_1": ["ftp"], + "hope_return": "auto", + "counters_1": {"hits": 1}, + "log_query_param_1": [], + "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/shunt_geography_http.json b/data/case_data/security_rule/shunt_geography_http.json new file mode 100644 index 0000000..cea976c --- /dev/null +++ b/data/case_data/security_rule/shunt_geography_http.json @@ -0,0 +1,39 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "shunt", + "do_log_1": 0, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "942313", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" + } + ] + } + ] + } + ], + "app_name_1": ["http"], + "hope_return": "玉米网", + "counters_1": {"hits": 1}, + "log_query_param_1": [], + "command": "curl -kv www.yumi.com" +}
\ No newline at end of file diff --git a/data/case_data/security_rule/shunt_geography_mail.json b/data/case_data/security_rule/shunt_geography_mail.json new file mode 100644 index 0000000..3deab3f --- /dev/null +++ b/data/case_data/security_rule/shunt_geography_mail.json @@ -0,0 +1,39 @@ +{ + "isMultiPriority": false, + "ruleNum": 1, + "policyType": "security", + "rule_action_1": "shunt", + "do_log_1": 0, + "obj_condition_1": [ + { + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", + "objectList": [ + { + "addItemList": [ + { + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "192.168.40.206" + } + ] + } + ] + } + ], + "app_name_1": ["mail"], + "hope_return": "Ok", + "counters_1": {"hits": 1}, + "log_query_param_1": [], + "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'" +}
\ No newline at end of file
diff --git a/data/case_data/security_rule/shunt_geography_ssl.json b/data/case_data/security_rule/shunt_geography_ssl.json
new file mode 100644
index 0000000..1878d86
--- /dev/null
+++ b/data/case_data/security_rule/shunt_geography_ssl.json
@@ -0,0 +1,39 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "shunt",
+ "do_log_1": 0,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "93.184.215.14"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "Example Domain",
+ "counters_1": {},
+ "log_query_param_1": [],
+ "command":"curl -kv https://www.example.com"
+}
diff --git a/data/case_data/security_rule/shunt_subid_dns.json b/data/case_data/security_rule/shunt_subid_dns.json
new file mode 100644
index 0000000..ce4c8e7
--- /dev/null
+++ b/data/case_data/security_rule/shunt_subid_dns.json
@@ -0,0 +1,30 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "shunt",
+ "do_log_1": 0,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns"],
+ "hope_return": "www.jd.com",
+ "counters_1": {"hits": 2},
+ "log_query_param_1": [],
+ "command": "nslookup www.jd.com -timeout=1"
+}
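Review bot: shunt_geography_ssl.json sets `"counters_1": {}` where the other shunt cases in this commit assert a hit count, so nothing in this case shows that the shunt rule matched. With `do_log_1` at 0 and an empty `log_query_param_1`, the only remaining check is `"hope_return": "Example Domain"`, which an unfiltered request to www.example.com presumably also returns. Assuming the runner skips the counter check for an empty object, the case passes with or without the rule; `"counters_1": {"hits": 1},` would bring it in line with shunt_geography_http.json, shunt_geography_ftp.json and shunt_geography_mail.json.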
\ No newline at end of file
diff --git a/data/case_data/security_rule/shunt_subid_ftp.json b/data/case_data/security_rule/shunt_subid_ftp.json
new file mode 100644
index 0000000..f54cc15
--- /dev/null
+++ b/data/case_data/security_rule/shunt_subid_ftp.json
@@ -0,0 +1,30 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "shunt",
+ "do_log_1": 0,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ftp"],
+ "hope_return": "auto",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [],
+ "command": "curl -m 5 ftp://192.168.40.206/autoFtp/english_big.txt -u ftpuser:111111"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/shunt_subid_http.json b/data/case_data/security_rule/shunt_subid_http.json
new file mode 100644
index 0000000..72a0fe4
--- /dev/null
+++ b/data/case_data/security_rule/shunt_subid_http.json
@@ -0,0 +1,30 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "shunt",
+ "do_log_1": 0,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http"],
+ "hope_return": "玉米网",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [],
+ "command": "curl -kv www.yumi.com"
+}
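Review bot: `curl -kv www.yumi.com` in shunt_subid_http.json has no scheme, while this same commit rewrites the proxy_intercept_rule templates to `http://www.yumi.com`. curl falls back to HTTP for a bare host name, so the request is the same today, but an explicit scheme keeps the http case from depending on that default, and `-k` does nothing on a plain-HTTP request. I would write it as `"command": "curl -v -m 5 http://www.yumi.com"`, which also gives the case a timeout like the ftp and mail cases have.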
\ No newline at end of file
diff --git a/data/case_data/security_rule/shunt_subid_mail.json b/data/case_data/security_rule/shunt_subid_mail.json
new file mode 100644
index 0000000..a292608
--- /dev/null
+++ b/data/case_data/security_rule/shunt_subid_mail.json
@@ -0,0 +1,30 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "shunt",
+ "do_log_1": 0,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["mail"],
+ "hope_return": "Ok",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 10 -m 10 --url \"smtp://192.168.40.206\" --mail-from \"[email protected]\" --mail-rcpt \"[email protected]\" -H @/opt/test/automation/scripts/mailTestFile/mailMessage/subjectEnglish.txt --user \"[email protected]:111111\" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F \"=\"Bestman\";type=text/plain\" -F \"file=@/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt;type=`file --mime-type \"/opt/test/automation/scripts/mailTestFile/mailAttach/mail_test_english.txt\"|sed 's/.*: //'`;encoder=base64\" -F '=)'"
+}
\ No newline at end of file
diff --git a/data/case_data/security_rule/shunt_subid_ssl.json b/data/case_data/security_rule/shunt_subid_ssl.json
new file mode 100644
index 0000000..c94143a
--- /dev/null
+++ b/data/case_data/security_rule/shunt_subid_ssl.json
@@ -0,0 +1,30 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "shunt",
+ "do_log_1": 0,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SUBSCRIBER_ID",
+ "objectType": "subscriberid",
+ "objectSubType": "subscriberid",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "$test6473"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "百度一下",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [],
+ "command": "curl -kv https://www.baidu.com"
+}
diff --git a/data/case_data/temp/a/deny_tamper_geography_ssl_allfilter.json b/data/case_data/temp/a/deny_tamper_geography_ssl_allfilter.json
new file mode 100644
index 0000000..bbd11c2
--- /dev/null
+++ b/data/case_data/temp/a/deny_tamper_geography_ssl_allfilter.json
@@ -0,0 +1,88 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "tamper",
+ "do_log_1": 2,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY",
+ "objectType": "geolocation",
+ "objectSubType": "geolocation",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "type": "library",
+ "continent": "Asia",
+ "geoname_id": "1237569",
+ "super_administrative_area": "auto_geo_obj",
+ "administrative_area": "auto_geo_obj",
+ "country_abbr": "auto_geo_obj",
+ "country": "auto_geo_obj",
+ "location_type": "country",
+ "latitude": "0",
+ "longitude": "0",
+ "addr_type": 4,
+ "ip_address": "93.184.215.14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SERVER_FQDN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SSL_CN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "attribute_name": "ATTR_SSL_SAN",
+ "objectType": "fqdn",
+ "objectSubType": "fqdn",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "keywordArray": [
+ "www.example.com"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl"],
+ "hope_return": "Connection was reset",
+ "counters_1": {"hits": 1},
+ "log_query_param_1": [{"query_field_key":"ssl_sni","query_value":"www.example.com"}],
+ "command": "curl --connect-timeout 5 -m 5 https://www.example.com"
+}
diff --git a/data/template/proxy_intercept_rule/intercept_geography_http_host.json b/data/template/proxy_intercept_rule/intercept_geography_http_host.json
index 3a98e59..2a5f751 100644
--- a/data/template/proxy_intercept_rule/intercept_geography_http_host.json
+++ b/data/template/proxy_intercept_rule/intercept_geography_http_host.json
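Review bot: deny_tamper_geography_ssl_allfilter.json is added under `data/case_data/temp/a/`, which reads like a scratch directory; if the runner collects case files recursively this case will execute from there, and if it does not the file is dead weight. It belongs next to the other security_rule cases or out of the commit. The geolocation item also pins `"ip_address": "93.184.215.14"` for www.example.com, a public address the test does not control, so when that name resolves elsewhere the geo condition presumably stops matching and the expected "Connection was reset" never appears. shunt_geography_ssl.json pins the same address; a lab-hosted TLS target would keep both cases reproducible.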
@@ -6,16 +6,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -42,5 +51,5 @@ "hope_return": "yumi", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv www.yumi.com" + "command": "curl -kv http://www.yumi.com" }
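Review bot: The twelve-field geolocation item introduced in intercept_geography_http_host.json (`"geoname_id": "1237569"`, `"ip_address": "60.190.243.167"`, the `auto_geo_obj` names) is pasted unchanged into every `*_geography_*` template this commit touches. When the test server address or the library entry changes, each copy has to be edited by hand and a missed one fails only at run time. A single shared fixture that the loader merges into the condition, or one substitution token for the address, would keep the templates in step. The file's first hunk begins and ends inside the `obj_condition_1` array, so the rest of that array is outside the hunk.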
\ No newline at end of file diff --git a/data/template/proxy_intercept_rule/intercept_geography_ssl_sni.json b/data/template/proxy_intercept_rule/intercept_geography_ssl_sni.json index 93608f1..ca493e2 100644 --- a/data/template/proxy_intercept_rule/intercept_geography_ssl_sni.json +++ b/data/template/proxy_intercept_rule/intercept_geography_ssl_sni.json @@ -6,16 +6,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "香港.Unknown.Unknown.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -30,7 +39,7 @@ "addItemList": [ { "keywordArray": [ - "www.baidu.com" + "www.yumi.com" ] } ] @@ -41,5 +50,6 @@ "app_name_1": ["ssl"], "hope_return": "TSG CA", "counters_1": {}, - "log_query_param_1": [] + "log_query_param_1": [], + "command": "curl -kv https://www.yumi.com" } diff --git a/data/template/proxy_intercept_rule/intercept_subid_http_host.json b/data/template/proxy_intercept_rule/intercept_subid_http_host.json index 763b230..15b5a59 100644 --- a/data/template/proxy_intercept_rule/intercept_subid_http_host.json +++ b/data/template/proxy_intercept_rule/intercept_subid_http_host.json @@ -42,5 +42,5 @@ "hope_return": "玉米网", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv www.yumi.com" + "command": "curl -kv http://www.yumi.com" }
\ No newline at end of file diff --git a/data/template/proxy_intercept_rule/intercept_subid_ssl_sni.json b/data/template/proxy_intercept_rule/intercept_subid_ssl_sni.json index bffc0dd..f3e47b6 100644 --- a/data/template/proxy_intercept_rule/intercept_subid_ssl_sni.json +++ b/data/template/proxy_intercept_rule/intercept_subid_ssl_sni.json @@ -42,5 +42,5 @@ "hope_return": "TSG CA", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https:www.baidu.com" + "command": "curl -kv https://www.baidu.com" } diff --git a/data/template/proxy_intercept_rule/no_intercept_geography_http_host.json b/data/template/proxy_intercept_rule/no_intercept_geography_http_host.json index 545fcae..70ca695 100644 --- a/data/template/proxy_intercept_rule/no_intercept_geography_http_host.json +++ b/data/template/proxy_intercept_rule/no_intercept_geography_http_host.json @@ -6,16 +6,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -42,5 +51,5 @@ "hope_return": "yumi", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv www.yumi.com" + "command": "curl -kv http://www.yumi.com" }
\ No newline at end of file diff --git a/data/template/proxy_intercept_rule/no_intercept_geography_ssl_sni.json b/data/template/proxy_intercept_rule/no_intercept_geography_ssl_sni.json index 0ea2b06..0948ec2 100644 --- a/data/template/proxy_intercept_rule/no_intercept_geography_ssl_sni.json +++ b/data/template/proxy_intercept_rule/no_intercept_geography_ssl_sni.json @@ -6,16 +6,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "香港.Unknown.Unknown.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -30,7 +39,7 @@ "addItemList": [ { "keywordArray": [ - "www.baidu.com" + "$www.yumi.com" ] } ] @@ -41,5 +50,6 @@ "app_name_1": ["ssl"], "hope_return": "SSL CA 2018", "counters_1": {}, - "log_query_param_1": [] + "log_query_param_1": [], + "command": "curl -kv http://www.yumi.com" } diff --git a/data/template/proxy_intercept_rule/no_intercept_subid_http_host.json b/data/template/proxy_intercept_rule/no_intercept_subid_http_host.json index e02acf9..4c993e2 100644 --- a/data/template/proxy_intercept_rule/no_intercept_subid_http_host.json +++ b/data/template/proxy_intercept_rule/no_intercept_subid_http_host.json @@ -23,8 +23,8 @@ } ], "app_name_1": ["http"], - "command": "curl -kv www.yumi.com", "hope_return": "yumi", "counters_1": {}, - "log_query_param_1": [] + "log_query_param_1": [], + "command": "curl -kv http://www.yumi.com" }
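Review bot: The command added to no_intercept_geography_ssl_sni.json is `curl -kv http://www.yumi.com`, but the case is `"app_name_1": ["ssl"]` and expects "SSL CA 2018" in the output, presumably the issuer of the certificate that is presented. A plain-HTTP request performs no TLS handshake, so that text cannot appear and the SNI condition is never exercised; the intercept counterpart in this commit uses `https://www.yumi.com`. The line should read `"command": "curl -kv https://www.yumi.com"`. The same file changes the keyword to `"$www.yumi.com"` while intercept_geography_ssl_sni.json uses `"www.yumi.com"` without the `$`; if the prefix is not intentional the two should match.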
\ No newline at end of file diff --git a/data/template/proxy_intercept_rule/no_intercept_subid_ssl_sni.json b/data/template/proxy_intercept_rule/no_intercept_subid_ssl_sni.json index 897ddaf..5a815c1 100644 --- a/data/template/proxy_intercept_rule/no_intercept_subid_ssl_sni.json +++ b/data/template/proxy_intercept_rule/no_intercept_subid_ssl_sni.json @@ -42,5 +42,5 @@ "hope_return": "SSL CA 2018", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv www.baidu.com" + "command": "curl -kv https://www.baidu.com" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/allow_geography_allfilter.json b/data/template/proxy_manipulation_rule/allow_geography_allfilter.json index 7ec8bca..cf46671 100644 --- a/data/template/proxy_manipulation_rule/allow_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/allow_geography_allfilter.json @@ -6,16 +6,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/allow_geography_host.json b/data/template/proxy_manipulation_rule/allow_geography_host.json index 119c95f..553ea42 100644 --- a/data/template/proxy_manipulation_rule/allow_geography_host.json +++ b/data/template/proxy_manipulation_rule/allow_geography_host.json 
@@ -6,16 +6,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/deny_403_profile_geography_allfilter.json b/data/template/proxy_manipulation_rule/deny_403_profile_geography_allfilter.json index 510979c..a3e7748 100644 --- a/data/template/proxy_manipulation_rule/deny_403_profile_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_403_profile_geography_allfilter.json @@ -7,16 +7,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/deny_403_profile_geography_host.json b/data/template/proxy_manipulation_rule/deny_403_profile_geography_host.json index de53feb..2577e34 100644 
--- a/data/template/proxy_manipulation_rule/deny_403_profile_geography_host.json +++ b/data/template/proxy_manipulation_rule/deny_403_profile_geography_host.json @@ -7,16 +7,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/deny_403_text_geography_allfilter.json b/data/template/proxy_manipulation_rule/deny_403_text_geography_allfilter.json index 0505c90..a0928a8 100644 --- a/data/template/proxy_manipulation_rule/deny_403_text_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_403_text_geography_allfilter.json @@ -8,16 +8,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } 
diff --git a/data/template/proxy_manipulation_rule/deny_403_text_geography_host.json b/data/template/proxy_manipulation_rule/deny_403_text_geography_host.json index 3561ec8..525ea97 100644 --- a/data/template/proxy_manipulation_rule/deny_403_text_geography_host.json +++ b/data/template/proxy_manipulation_rule/deny_403_text_geography_host.json @@ -8,16 +8,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/deny_404_profile_geography_allfilter.json b/data/template/proxy_manipulation_rule/deny_404_profile_geography_allfilter.json index 636394b..3614e58 100644 --- a/data/template/proxy_manipulation_rule/deny_404_profile_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_404_profile_geography_allfilter.json 
@@ -7,16 +7,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_SUBSCRIBER_ID", - "objectType": "subscriberid", - "objectSubType": "subscriberid", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "$test23" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -98,8 +107,8 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "404", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.vip.com" + "command": "curl -kv --user-agent \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.vip.com" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/deny_404_profile_geography_host.json b/data/template/proxy_manipulation_rule/deny_404_profile_geography_host.json index e9386e9..9fddd94 100644 --- a/data/template/proxy_manipulation_rule/deny_404_profile_geography_host.json +++ b/data/template/proxy_manipulation_rule/deny_404_profile_geography_host.json @@ -7,16 +7,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -48,7 +57,7 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "404", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.vip.com" diff --git a/data/template/proxy_manipulation_rule/deny_404_profile_subid_allfilter.json b/data/template/proxy_manipulation_rule/deny_404_profile_subid_allfilter.json index 636394b..f16990d 100644 --- a/data/template/proxy_manipulation_rule/deny_404_profile_subid_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_404_profile_subid_allfilter.json @@ -98,8 +98,8 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "404", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.vip.com" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.vip.com" }
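Review bot: The new command in deny_404_profile_subid_allfilter.json, `curl -kv \"Mozilla/5.0 …\" https://www.vip.com`, passes the browser string with no option in front of it, so curl takes it as a second URL rather than as the User-Agent and the request to www.vip.com goes out with curl's default agent. deny_404_profile_geography_allfilter.json in this commit has the intended form, `curl -kv --user-agent \"Mozilla/5.0 …\" https://www.vip.com`. The flag is missing in the same way in deny_404_text_geography_allfilter, deny_404_text_subid_allfilter, deny_451_profile_geography_allfilter, deny_451_profile_subid_allfilter, deny_451_text_geography_allfilter, deny_451_text_subid_allfilter and edit_element_inside_mark_geography_allfilter. If the allfilter condition matches on User-Agent, these cases cannot hit the rule as written.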
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/deny_404_profile_subid_host.json b/data/template/proxy_manipulation_rule/deny_404_profile_subid_host.json index ccb4f5e..39996aa 100644 --- a/data/template/proxy_manipulation_rule/deny_404_profile_subid_host.json +++ b/data/template/proxy_manipulation_rule/deny_404_profile_subid_host.json @@ -48,7 +48,7 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "404", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.vip.com" diff --git a/data/template/proxy_manipulation_rule/deny_404_text_geography_allfilter.json b/data/template/proxy_manipulation_rule/deny_404_text_geography_allfilter.json index 40cdc06..302f172 100644 --- a/data/template/proxy_manipulation_rule/deny_404_text_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_404_text_geography_allfilter.json @@ -8,16 +8,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_SUBSCRIBER_ID", - "objectType": "subscriberid", - "objectSubType": "subscriberid", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "$test23" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -91,8 +100,8 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "404", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.vip.com" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.vip.com" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/deny_404_text_geography_host.json b/data/template/proxy_manipulation_rule/deny_404_text_geography_host.json index 98bcec0..5131d26 100644 --- a/data/template/proxy_manipulation_rule/deny_404_text_geography_host.json +++ b/data/template/proxy_manipulation_rule/deny_404_text_geography_host.json @@ -8,16 +8,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -41,7 +50,7 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "404", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.vip.com" diff --git a/data/template/proxy_manipulation_rule/deny_404_text_subid_allfilter.json b/data/template/proxy_manipulation_rule/deny_404_text_subid_allfilter.json index 40cdc06..4c3ed17 100644 --- a/data/template/proxy_manipulation_rule/deny_404_text_subid_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_404_text_subid_allfilter.json @@ -91,8 +91,8 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "404", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.vip.com" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.vip.com" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/deny_404_text_subid_host.json b/data/template/proxy_manipulation_rule/deny_404_text_subid_host.json index c4c075b..5fd5a8f 100644 --- a/data/template/proxy_manipulation_rule/deny_404_text_subid_host.json +++ b/data/template/proxy_manipulation_rule/deny_404_text_subid_host.json @@ -41,7 +41,7 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "404", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.vip.com" diff --git a/data/template/proxy_manipulation_rule/deny_451_profile_geography_allfilter.json b/data/template/proxy_manipulation_rule/deny_451_profile_geography_allfilter.json index 3625386..6fc24f1 100644 --- a/data/template/proxy_manipulation_rule/deny_451_profile_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_451_profile_geography_allfilter.json @@ -7,16 +7,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_SUBSCRIBER_ID", - "objectType": "subscriberid", - "objectSubType": "subscriberid", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "$test23" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -98,8 +107,8 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "451", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.vip.com" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.vip.com" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/deny_451_profile_geography_host.json b/data/template/proxy_manipulation_rule/deny_451_profile_geography_host.json index 5c98294..133f23d 100644 --- a/data/template/proxy_manipulation_rule/deny_451_profile_geography_host.json +++ b/data/template/proxy_manipulation_rule/deny_451_profile_geography_host.json @@ -7,16 +7,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -48,7 +57,7 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "451", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.vip.com" diff --git a/data/template/proxy_manipulation_rule/deny_451_profile_subid_allfilter.json b/data/template/proxy_manipulation_rule/deny_451_profile_subid_allfilter.json index 7f979d0..8baeba3 100644 --- a/data/template/proxy_manipulation_rule/deny_451_profile_subid_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_451_profile_subid_allfilter.json @@ -98,8 +98,8 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "451", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.vip.com" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.vip.com" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/deny_451_profile_subid_host.json b/data/template/proxy_manipulation_rule/deny_451_profile_subid_host.json index f1a447a..e427a25 100644 --- a/data/template/proxy_manipulation_rule/deny_451_profile_subid_host.json +++ b/data/template/proxy_manipulation_rule/deny_451_profile_subid_host.json @@ -48,7 +48,7 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "451", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.vip.com" diff --git a/data/template/proxy_manipulation_rule/deny_451_text_geography_allfilter.json b/data/template/proxy_manipulation_rule/deny_451_text_geography_allfilter.json index 4c8a849..6862e21 100644 --- a/data/template/proxy_manipulation_rule/deny_451_text_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_451_text_geography_allfilter.json @@ -91,8 +91,8 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "451", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.vip.com" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.vip.com" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/deny_451_text_geography_host.json b/data/template/proxy_manipulation_rule/deny_451_text_geography_host.json index 08c4e4b..4bc4557 100644 --- a/data/template/proxy_manipulation_rule/deny_451_text_geography_host.json +++ b/data/template/proxy_manipulation_rule/deny_451_text_geography_host.json @@ -8,16 +8,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -41,7 +50,7 @@ } ], "app_name_1": ["http"], - "hope_return": "403", + "hope_return": "451", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.vip.com" diff --git a/data/template/proxy_manipulation_rule/deny_451_text_subid_allfilter.json b/data/template/proxy_manipulation_rule/deny_451_text_subid_allfilter.json index b70ea24..1cac3ee 100644 --- a/data/template/proxy_manipulation_rule/deny_451_text_subid_allfilter.json +++ b/data/template/proxy_manipulation_rule/deny_451_text_subid_allfilter.json @@ -94,5 +94,5 @@ "hope_return": "403", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.vip.com" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.vip.com" }
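Review bot: In deny_451_text_subid_allfilter.json the context line `"hope_return": "403"` is left as it was, while every other deny_451 template in this commit is changed to expect 451. Unless this rule really answers 403, the case will keep asserting the wrong status; the hunk should also carry `"hope_return": "451",`. The hunk starts near the end of the file, so the rule's configured response code is not visible here and is worth checking against the expectation.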
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/edit_element_inside_mark_geography_allfilter.json b/data/template/proxy_manipulation_rule/edit_element_inside_mark_geography_allfilter.json index 54863fe..28296f2 100644 --- a/data/template/proxy_manipulation_rule/edit_element_inside_mark_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/edit_element_inside_mark_geography_allfilter.json @@ -11,16 +11,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -94,8 +103,8 @@ } ], "app_name_1": ["http"], - "hope_return": "team", + "hope_return": "need_filter", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.euro-football.ru" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.euro-football.ru" }
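Review bot: The context line `"hope_return": "403",` in `deny_451_text_subid_allfilter.json` (hunk `@@ -94,5 +94,5 @@`) is left unchanged, while the other `deny_451_*` templates in this commit move the expectation from `"403"` to `"451"`. If this template's rule also answers with 451, as the file name suggests, the expectation should become `"hope_return": "451",` so the case checks the status the deny rule is supposed to produce. The rule definition lies outside this hunk, so this is inferred from the file name and the sibling changes.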
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/edit_element_inside_mark_geography_url.json b/data/template/proxy_manipulation_rule/edit_element_inside_mark_geography_url.json index ac9cc52..a96c9bc 100644 --- a/data/template/proxy_manipulation_rule/edit_element_inside_mark_geography_url.json +++ b/data/template/proxy_manipulation_rule/edit_element_inside_mark_geography_url.json @@ -11,16 +11,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -44,7 +53,7 @@ } ], "app_name_1": ["http"], - "hope_return": "team", + "hope_return": "need_filter", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.euro-football.ru" diff --git a/data/template/proxy_manipulation_rule/edit_element_inside_mark_subid_allfilter.json b/data/template/proxy_manipulation_rule/edit_element_inside_mark_subid_allfilter.json index d44c9cc..648030f 100644 --- a/data/template/proxy_manipulation_rule/edit_element_inside_mark_subid_allfilter.json +++ b/data/template/proxy_manipulation_rule/edit_element_inside_mark_subid_allfilter.json @@ -94,7 +94,7 @@ } ], "app_name_1": ["http"], - "hope_return": "team", + "hope_return": "need_filter", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.euro-football.ru" 
diff --git a/data/template/proxy_manipulation_rule/edit_element_inside_mark_subid_url.json b/data/template/proxy_manipulation_rule/edit_element_inside_mark_subid_url.json index 600055b..80706a2 100644 --- a/data/template/proxy_manipulation_rule/edit_element_inside_mark_subid_url.json +++ b/data/template/proxy_manipulation_rule/edit_element_inside_mark_subid_url.json @@ -44,7 +44,7 @@ } ], "app_name_1": ["http"], - "hope_return": "team", + "hope_return": "need_filter", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.euro-football.ru" diff --git a/data/template/proxy_manipulation_rule/edit_element_inside_remove_geography_allfilter.json b/data/template/proxy_manipulation_rule/edit_element_inside_remove_geography_allfilter.json index d3fcc36..741bb2a 100644 --- a/data/template/proxy_manipulation_rule/edit_element_inside_remove_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/edit_element_inside_remove_geography_allfilter.json @@ -11,16 +11,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } 
@@ -97,5 +106,5 @@ "hope_return": "team", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.euro-football.ru" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.euro-football.ru" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/edit_element_inside_remove_geography_url.json b/data/template/proxy_manipulation_rule/edit_element_inside_remove_geography_url.json index 98fed6e..be6b163 100644 --- a/data/template/proxy_manipulation_rule/edit_element_inside_remove_geography_url.json +++ b/data/template/proxy_manipulation_rule/edit_element_inside_remove_geography_url.json @@ -11,16 +11,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -47,5 +56,5 @@ "hope_return": "team", "counters_1": {}, "log_query_param_1": [], - "command": "curl -kv https://www.euro-football.ru" + "command": "curl -kv \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" https://www.euro-football.ru" }
\ No newline at end of file diff --git a/data/template/proxy_manipulation_rule/edit_element_whole_mark_geography_allfilter.json b/data/template/proxy_manipulation_rule/edit_element_whole_mark_geography_allfilter.json index 5420883..0d78ac7 100644 --- a/data/template/proxy_manipulation_rule/edit_element_whole_mark_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/edit_element_whole_mark_geography_allfilter.json @@ -10,16 +10,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } @@ -93,7 +102,7 @@ } ], "app_name_1": ["http"], - "hope_return": "team", + "hope_return": "need_filter", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.euro-football.ru" diff --git a/data/template/proxy_manipulation_rule/edit_element_whole_mark_profile_url.json b/data/template/proxy_manipulation_rule/edit_element_whole_mark_profile_geography_url.json index 2c2990e..00e4959 100644 --- a/data/template/proxy_manipulation_rule/edit_element_whole_mark_profile_url.json +++ b/data/template/proxy_manipulation_rule/edit_element_whole_mark_profile_geography_url.json @@ -43,7 +43,7 @@ } ], "app_name_1": ["http"], - "hope_return": "team", + "hope_return": "need_filter", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.euro-football.ru" 
diff --git a/data/template/proxy_manipulation_rule/edit_element_whole_mark_subid_allfilter.json b/data/template/proxy_manipulation_rule/edit_element_whole_mark_subid_allfilter.json index 53008e2..641653d 100644 --- a/data/template/proxy_manipulation_rule/edit_element_whole_mark_subid_allfilter.json +++ b/data/template/proxy_manipulation_rule/edit_element_whole_mark_subid_allfilter.json @@ -93,7 +93,7 @@ } ], "app_name_1": ["http"], - "hope_return": "team", + "hope_return": "need_filter", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.euro-football.ru" diff --git a/data/template/proxy_manipulation_rule/edit_element_whole_mark_subid_url.json b/data/template/proxy_manipulation_rule/edit_element_whole_mark_subid_url.json index 6b6d492..18c83ee 100644 --- a/data/template/proxy_manipulation_rule/edit_element_whole_mark_subid_url.json +++ b/data/template/proxy_manipulation_rule/edit_element_whole_mark_subid_url.json @@ -43,7 +43,7 @@ } ], "app_name_1": ["http"], - "hope_return": "team", + "hope_return": "need_filter", "counters_1": {}, "log_query_param_1": [], "command": "curl -kv https://www.euro-football.ru" diff --git a/data/template/proxy_manipulation_rule/edit_element_whole_remove_geography_allfilter.json b/data/template/proxy_manipulation_rule/edit_element_whole_remove_geography_allfilter.json index 05865a2..e8023c1 100644 --- a/data/template/proxy_manipulation_rule/edit_element_whole_remove_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/edit_element_whole_remove_geography_allfilter.json 
@@ -10,16 +10,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/edit_element_whole_remove_geography_url.json b/data/template/proxy_manipulation_rule/edit_element_whole_remove_geography_url.json index cd2db24..8a9b40b 100644 --- a/data/template/proxy_manipulation_rule/edit_element_whole_remove_geography_url.json +++ b/data/template/proxy_manipulation_rule/edit_element_whole_remove_geography_url.json @@ -10,16 +10,25 @@ "do_log_1": 1, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/hijack_geography_http_allfilter.json b/data/template/proxy_manipulation_rule/hijack_geography_http_allfilter.json index 1e222a0..6ef6630 100644 
--- a/data/template/proxy_manipulation_rule/hijack_geography_http_allfilter.json +++ b/data/template/proxy_manipulation_rule/hijack_geography_http_allfilter.json @@ -6,16 +6,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/hijack_geography_url.json b/data/template/proxy_manipulation_rule/hijack_geography_url.json index dd3d828..5e5d0f6 100644 --- a/data/template/proxy_manipulation_rule/hijack_geography_url.json +++ b/data/template/proxy_manipulation_rule/hijack_geography_url.json @@ -6,16 +6,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } 
diff --git a/data/template/proxy_manipulation_rule/insert_geography_url.json b/data/template/proxy_manipulation_rule/insert_geography_url.json index bf70387..8dab98c 100644 --- a/data/template/proxy_manipulation_rule/insert_geography_url.json +++ b/data/template/proxy_manipulation_rule/insert_geography_url.json @@ -6,16 +6,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/insert_gepgraphy_allfilter.json b/data/template/proxy_manipulation_rule/insert_gepgraphy_allfilter.json index dd041eb..091f4be 100644 --- a/data/template/proxy_manipulation_rule/insert_gepgraphy_allfilter.json +++ b/data/template/proxy_manipulation_rule/insert_gepgraphy_allfilter.json 
@@ -6,16 +6,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/monitor_geography_allfilter.json b/data/template/proxy_manipulation_rule/monitor_geography_allfilter.json index da70d31..9ad6a4c 100644 --- a/data/template/proxy_manipulation_rule/monitor_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/monitor_geography_allfilter.json @@ -6,16 +6,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/monitor_geography_host.json b/data/template/proxy_manipulation_rule/monitor_geography_host.json index 5d9db9c..b65e04f 100644 --- a/data/template/proxy_manipulation_rule/monitor_geography_host.json 
+++ b/data/template/proxy_manipulation_rule/monitor_geography_host.json @@ -6,16 +6,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/redirect_301_geography_allfilter.json b/data/template/proxy_manipulation_rule/redirect_301_geography_allfilter.json index ff70ee3..205ddf3 100644 --- a/data/template/proxy_manipulation_rule/redirect_301_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/redirect_301_geography_allfilter.json @@ -8,16 +8,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } 
diff --git a/data/template/proxy_manipulation_rule/redirect_301_geography_url.json b/data/template/proxy_manipulation_rule/redirect_301_geography_url.json index 247972c..53c488d 100644 --- a/data/template/proxy_manipulation_rule/redirect_301_geography_url.json +++ b/data/template/proxy_manipulation_rule/redirect_301_geography_url.json @@ -8,16 +8,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/redirect_302_geography_allfilter.json b/data/template/proxy_manipulation_rule/redirect_302_geography_allfilter.json index 791c389..17fa6df 100644 --- a/data/template/proxy_manipulation_rule/redirect_302_geography_allfilter.json +++ b/data/template/proxy_manipulation_rule/redirect_302_geography_allfilter.json 
@@ -8,16 +8,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } diff --git a/data/template/proxy_manipulation_rule/redirect_302_geography_url.json b/data/template/proxy_manipulation_rule/redirect_302_geography_url.json index 93b99a5..a0a3f23 100644 --- a/data/template/proxy_manipulation_rule/redirect_302_geography_url.json +++ b/data/template/proxy_manipulation_rule/redirect_302_geography_url.json @@ -8,16 +8,25 @@ "do_log_1": 2, "obj_condition_1": [ { - "attribute_name": "ATTR_DESTINATION_LOCATION", - "objectType": "ip", - "objectSubType": "geo_location", + "attribute_name": "ATTR_DESTINATION_GEO_COUNTRY", + "objectType": "geolocation", + "objectSubType": "geolocation", "objectList": [ { "addItemList": [ { - "keywordArray": [ - "中国.浙江省.杭州.*" - ] + "type": "library", + "continent": "Asia", + "geoname_id": "1237569", + "super_administrative_area": "auto_geo_obj", + "administrative_area": "auto_geo_obj", + "country_abbr": "auto_geo_obj", + "country": "auto_geo_obj", + "location_type": "country", + "latitude": "0", + "longitude": "0", + "addr_type": 4, + "ip_address": "60.190.243.167" } ] } |
