[Oisf-users] Block any uploading
Mesra.net CEO
admin at mesra.my
Thu Mar 17 19:07:31 UTC 2016
Dear All,
I’m looking for the rules similar to Mod Security as below:
SecRule REMOTE_ADDR "@geoLookup" "id:88888892,phase:1,t:none,pass,nolog"
SecRule GEO:COUNTRY_CODE !@streq SG "id:88888893,phase:1,t:none,log,deny,msg:'Upload: Not Singapore IP address',chain"
SecRule REQUEST_HEADERS:Content-Type "multipart/form-data" t:none,t:lowercase
That rules is filter by geoip for only Singapore IP are allow to upload any files via the web, the rest will be denied, how can i make a Suricata rules with my requirment?
Please help and thank you so much
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160318/99384446/attachment.html>
More information about the Oisf-users
mailing list