Snort Rule to detect http, https and email - snort

I configured a Snort rule to detect ping and TCP:
alert icmp any any -> any any (msg:"ping";sid:10000001;rev:0;)
How do I configure the snort rule to detect http, https and email?

Snort rule to detect http:
alert tcp any any -> any 80 (content:"HTTP"; msg:"http test"; sid:10000100; rev:005;)
Snort rule to detect https:
alert tcp any any -> any 443 (content:"HTTPS"; msg:"https test"; sid:10000101; rev:006;)
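Added example, not part of the original answer: a Python sketch of the payload signatures a rule set would key on for the three protocols in the question. Traffic on port 443 is encrypted and opens with a binary TLS handshake record, so it is recognised by record bytes rather than by text. The function names and sample payloads are constructed for illustration.

```python
import re

# Start of a plaintext HTTP/1.x request line.
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
# Commands a mail client sends at the start of an SMTP session.
SMTP_COMMAND = re.compile(
    rb"^(HELO |EHLO |MAIL FROM:|RCPT TO:|DATA\r\n)", re.IGNORECASE)


def is_tls_client_hello(payload: bytes) -> bool:
    """TLS record header: type 0x16 (handshake), version 0x03 0x0X,
    2-byte length, then handshake type 0x01 (ClientHello).
    Snort options matching the same bytes:
    content:"|16 03|"; depth:2; content:"|01|"; offset:5; depth:1;"""
    return (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01)


def classify(dst_port: int, payload: bytes) -> str:
    """Return what a client-to-server payload looks like, or 'unknown'."""
    if is_tls_client_hello(payload):
        return "tls"    # HTTPS on 443, or any other TLS-wrapped service
    if HTTP_REQUEST.match(payload):
        return "http"
    if dst_port in (25, 587) and SMTP_COMMAND.match(payload):
        return "smtp"
    return "unknown"


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, bytes.fromhex("16030100c8010000c40303")),    # ClientHello prefix
    (443, bytes.fromhex("1703030020") + b"\x00" * 32),  # encrypted app data
    (25, b"MAIL FROM:<alice@example.test>\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, classify(port, data))
```

Encrypted application-data records (type 0x17) classify as unknown: once the handshake is done there is no plaintext left on the wire to match.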

Related

Find correct internet protocol for given IP and PORT

I'm adding firewall rules for specific IPs and ports in Windows 10, but I'm getting the error:
The protocol is invalid.
Addresses that I need to add:
13.79.172.43/8883,443
3.250.210.0/23
3.250.243.64/26
3.251.56.0/24
3.251.62.128/25
34.245.205.0/27
18.130.91.148/30
Example of what I'm using:
New-NetFirewallRule -DisplayName "Block-Wireless-In-01" -Name "Block-Wireless-In-01" -Direction Inbound -InterfaceType Wireless -Action Block -RemoteAddress 13.79.172.43 -LocalPort 8883,443 -Protocol TCP
Options I have in Windows firewall settings for defining protocol are:
HOPOPT
ICMPv4
IGMP
TCP
UDP
IPv6
IPv6-Route
IPv6-Frag
GRE
ICMPv6
IPv6-NoNxt
IPv6-Opts
VRRP
PGM
L2TP
How do I find the right protocol for each address, and what should I choose in the firewall settings?

Config balance haproxy with use tags in header on request

I have a question about configuring load balancing with HAProxy.
I want to configure balancing based on header tags in requests.
I have 2 tags, kasko and osago, and a default_backend.
How can I configure balancing by tag:
- if the request header has one tag, balance to backend osago,
- if it has the second tag, balance to backend kasko,
- if there is no tag, use the default backend?
I tried using hdr_val as described in these instructions https://www.haproxy.com/documentation/aloha/9-5/traffic-management/lb-layer7/acls/
and this
https://blog.armbruster-it.de/2015/08/neo4j-and-haproxy-some-best-practices-and-tricks/
but it doesn't work.
frontend web_80
    bind *:80
    mode http
    option httplog
    acl acl_osago hdr_val(Calculation-Type:OSAGO) eq 1
    acl acl_kasko hdr_val(Calculation-Type:KASKO) eq 1
    use_backend osago if acl_osago
    use_backend kasko if acl_kasko
    default_backend web_80
backend osago
    mode http
    server server5_7003 server5:7003 check port 7001
backend kasko
    mode http
    server server6_7003 server6:7003 check port 7001
backend web_80
    mode http
    balance leastconn
    option httpchk GET /ibss-checker/threads/info/queue-length
    http-check expect rstring ^(0?[0-9]?[0-9]|1[0-1][0-9])$
    server server1_7003 server1:7003 check port 7001
    server server2_7003 server2:7003 check port 7001
    server server3_7003 server3:7003 check port 7001
    server server4_7003 server4:7003 check port 7001
The dev recompiling the program helped, and this config
    acl acl_osago hdr_val(Calculation-Type:OSAGO) eq 1
worked.

nginx redirect rule is redirecting everything to https even for other ports

Hello, I have this config:
server {
    listen 82;
    server_name myapp.mydomain.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name myapp.mydomain.com;
    # ... rest of the config here
}
Before that I had other websites running on ports 80, 3000, etc. Now when I access http://myapp.mydomain.com it automatically redirects me to my app (as if I were invoking port 82), and if I try to access another app running on port 3000 it tries to rewrite that to https://myapp.mydomain.com:3000 as well. If I use the IP it works as expected (not the SSL part).
Full config can be found at:
https://gist.github.com/angvp/363f50ff8b8d345126adaf1595cd2523
Any ideas?
OK, after I started digging, I found I had this in my nginx conf:
add_header Strict-Transport-Security max-age=15768000;
This is a security measure, but it was causing all the subdomains, even on different ports, to always try https. The correct way should be to have different subdomains per vhost per port.
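Added example, not part of the original post: a small Python model of how a browser applies the Strict-Transport-Security header under RFC 6797, showing why a request to port 3000 on the same host name is upgraded to https while a request by IP address is not. The class and method names are constructed for illustration; the host name and header value are the ones quoted above.

```python
from urllib.parse import urlsplit, urlunsplit


class HstsStore:
    """Minimal model of a browser's known-HSTS-host list (RFC 6797)."""

    def __init__(self):
        self._hosts = {}  # host name -> includeSubDomains flag

    def note_header(self, url: str, header_value: str) -> None:
        """Record a Strict-Transport-Security header; ignored over plain http."""
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            return
        directives = [d.strip().lower() for d in header_value.split(";")]
        max_age = next((d[8:] for d in directives if d.startswith("max-age=")), None)
        if max_age is None or not max_age.isdigit():
            return
        if int(max_age) == 0:
            self._hosts.pop(parts.hostname, None)  # max-age=0 clears the entry
        else:
            self._hosts[parts.hostname] = "includesubdomains" in directives

    def _is_known(self, host: str) -> bool:
        if host in self._hosts:
            return True
        labels = host.split(".")
        # A parent domain that sent includeSubDomains also covers this host.
        return any(self._hosts.get(".".join(labels[i:])) for i in range(1, len(labels)))

    def rewrite(self, url: str) -> str:
        """Apply the RFC 6797 section 8.3 upgrade before the request is sent."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self._is_known(parts.hostname):
            return url
        if parts.port in (None, 80):
            netloc = parts.hostname  # port 80 becomes the https default, 443
        else:
            netloc = f"{parts.hostname}:{parts.port}"  # other ports are preserved
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore()
    # Constructed scenario: the header is seen once on the https vhost.
    store.note_header("https://myapp.mydomain.com/", "max-age=15768000")
    for u in ("http://myapp.mydomain.com/", "http://myapp.mydomain.com:3000/app"):
        print(u, "->", store.rewrite(u))
```

The policy is keyed on the host name only, never on the port, so every service reachable under that name must speak TLS for as long as max-age runs.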

Redirecting to backend based on port

I'm fairly new to HAProxy so just looking for a little direction here. Here's a log of the problem and the config for that as well. I'm trying to force specific destination ports to use a specific backend and it's not working.
Dec 18 18:49:34 localhost HAPLB[8405]: x.x.x.x:64725 [18/Dec/2014:18:49:27.157] 890_imappop_25 890_imappop_25-smtp/<NOSRV> -1/-1/7084 187 PR 225/35/35/0/3 0/0
backend 890_imappop_25-smtp
    balance roundrobin
    option redispatch
    stick-table type ip size 60k peers mypeers
    server filter1-mail 192.168.115.38:25 check
    server filter2-mail 192.168.115.39:25 check
listen 890_imappop_25
    bind 192.168.115.100:25
    mode tcp
    balance roundrobin
    option redispatch
    option tcplog
    log 127.0.0.1 local0 debug
    stick-table type ip size 60k peers mypeers
    acl smtp_25 dst_port 25
    acl smtp_225 dst_port 225
    acl smtp_587 dst_port 587
    use_backend 890_imappop_25-smtp if smtp_25
    use_backend 890_imappop_225-smtp if smtp_225
    use_backend 890_imappop_587-smtp if smtp_587
    server imappop1-mail 192.168.115.42:25 check
    server imappop2-mail 192.168.115.43:25 check
The fix was to add mode tcp to the backend section, so in this case it was defaulting to HTTP which obviously SMTP doesn't know how to talk to. Can't believe I forgot that.
backend 890_imappop_25-smtp
    balance roundrobin
    mode tcp
    option redispatch
    stick-table type ip size 60k peers mypeers
    server filter1-mail 192.168.115.38:25 check
    server filter2-mail 192.168.115.39:25 check

HAProxy - Configure HTTP frontend to listen on multiple ports

I have an HAProxy HTTP Frontend in my HAProxy config like so:
frontend myaddress.net :10098
    bind :80,:8080
    mode http
    log global
    option http-server-close
    timeout client 14400000
    timeout connect 60000
    timeout tunnel 14400000
    timeout http-request 14400000
    capture request header User-Agent len 64
    capture request header Accept-language len 64
    capture request header x-forward len 15
    capture request header host len 64
    capture request header X-Orig-Base len 64
    capture request header X-Orig-Host len 64
    capture request header X-Orig-Proto len 64
    reqadd X-Original-host:\ myaddress.net
    acl is-ssl hdr(X-Orig-Proto) https
    acl is-http hdr(X-Orig-Proto) http
    redirect code 301 prefix https://myaddress.net if is-http
    default_backend BACKEND_myaddress.net:catchall
It points to a backend defined like so:
backend BACKEND_myaddress.net:catchall
    timeout server 4h
    balance leastconn
    server myserver myserver:8080 check inter 5s rise 3 fall 1
I've got it working to listen on port 80, then forward to 8080 on the backend server, but now I'm trying to make it also listen on port 8080 on the frontend (don't ask me why, it's a lame requirement).
As you can see, I've got a line that says bind :80,:8080. I thought that would make the frontend also listen on port 8080, but it's not appearing to listen on port 8080.
Is there something I'm missing in this configuration? How can I make a frontend listen on port 8080 and 80, which then forwards to the backend server on port 8080?
Try this in your frontend section:
bind :80
bind :8080
bind 0.0.0.0:80
bind 0.0.0.0:8080
Works for me!