[Oisf-users] Block any uploading
Cooper F. Nelson
cnelson at ucsd.edu
Fri Mar 18 19:54:57 UTC 2016
I haven't tried it personally, but here are the details on using
Suricata's GeoIP functionality.
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/GeoIP
So if you were running Suricata in IPS mode you could write a 'drop'
rule to detect file uploads via the web and then add a negation rule to
only allow Singapore IPs. E.g. geoip:src,!SG
*But*, I personally wouldn't do this via Suricata. I would use a
reverse proxy (like Squid), or mod_security, so that blocked users would
get a web page telling them why their upload was blocked.
-Coop
On 3/17/2016 12:07 PM, Mesra.net CEO wrote:
> That rule is filtered by geoip: only Singapore IPs are allowed to upload
> any files via the web, the rest will be denied. How can I make a
> Suricata rule with my requirement?
>
> Please help and thank you so much
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
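The approach described in the reply above, written out as Suricata rules; this is an added example and not part of the original post. The sid values, msg text, classtype and the $HTTP_SERVERS/$HTTP_PORTS variables are assumptions, and the rules use the classic content modifiers (http_method, http_header).

```suricata
# Added example (constructed): local sids and variable names are assumptions.
# Needs Suricata built with GeoIP support and running inline (IPS mode),
# otherwise 'drop' only alerts.

# Browser form uploads: POST with a multipart/form-data Content-Type,
# dropped when the source address does not geolocate to Singapore.
drop http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL multipart upload from non-SG source"; flow:established,to_server; content:"POST"; http_method; content:"multipart/form-data"; nocase; http_header; geoip:src,!SG; classtype:policy-violation; sid:1000001; rev:1;)

# Uploads sent with HTTP PUT, same geographic restriction.
drop http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL HTTP PUT from non-SG source"; flow:established,to_server; content:"PUT"; http_method; geoip:src,!SG; classtype:policy-violation; sid:1000002; rev:1;)
```

geoip matches the source address Suricata sees, so behind a CDN or load balancer that is the proxy's address rather than the client's. Uploads over HTTPS are visible to these rules only if TLS is terminated before the sensor.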