For the Firewall rules, please add the option of Contains or Does Not Contain. This is helpful because current settings only allow Is or Is Not. There are times when rules are not exact and you want pattern matching. For example, on Client User Agent you could use Contains to block any user agent string that starts with Mozilla/4.0, which is usually an attack tool or bad bot (Mozilla/5.0 is legitimate). Another example would be to block nmap, arachni, dirbuster, etc. by user agent string without having to list the whole string that includes the version number. An example is DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project). I work on Akamai and Imperva, and having Contains options is always helpful.
Comments: 1
22 Apr, '19
Moderator Admin: Thanks Mike, you can create such rules now using the * character. For example, "*Mozilla/4.0*". Here is the supported syntax of the Glob Matcher: https://wiki.untangle.com/index.php/Glob_Matcher
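
An added example (not part of the thread, and not Untangle's implementation) showing how glob patterns give Is, starts-with and Contains behaviour on the Client User Agent field. It assumes only the `*` and `?` wildcards with case-sensitive, whole-string matching; the function names, rule labels and sample User-Agent strings are constructed for illustration.

```python
import re

def glob_to_regex(glob):
    """Translate a glob that uses only * and ? (assumed syntax) into a regex."""
    parts = []
    for ch in glob:
        if ch == "*":
            parts.append(".*")          # zero or more characters
        elif ch == "?":
            parts.append(".")           # exactly one character
        else:
            parts.append(re.escape(ch)) # everything else is literal
    return re.compile("".join(parts), re.DOTALL)

def glob_match(glob, value):
    """True when the glob matches the whole value, as a rule condition would."""
    return glob_to_regex(glob).fullmatch(value) is not None

# Constructed sample User-Agent strings
SAMPLES = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0",
    "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)",
    "ExampleClient/1.0 (like Mozilla/4.0)",
]

# Hypothetical rule labels mapped to the glob that expresses each one
RULES = {
    "is DirBuster-0.12": "DirBuster-0.12",       # exact: misses the full string
    "starts with DirBuster": "DirBuster*",       # version-independent
    "starts with Mozilla/4.0": "Mozilla/4.0*",
    "contains Mozilla/4.0": "*Mozilla/4.0*",     # also hits it mid-string
}

def evaluate(rules, samples):
    """Return, per rule label, the sample strings that rule would match."""
    return {label: [ua for ua in samples if glob_match(glob, ua)]
            for label, glob in rules.items()}

if __name__ == "__main__":
    for label, hits in evaluate(RULES, SAMPLES).items():
        print(f"{label}: {len(hits)} match(es)")
        for ua in hits:
            print(f"    {ua}")
```

The gap between the last two rules is the one to check before deploying a block rule: a leading `*` turns a starts-with condition into Contains, so it also matches strings that only mention the token later on.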