D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: flbjhb on February 05, 2010, 01:17:46 AM
-
Hi
We have several clients linking to our servers via applications, but some of these clients send different user-agents in the communication with the web server. The user's connection is then blocked and the firewall logs the following (using IP 1.1.1.1 as an example):
1.1.1.1 - All - all 2010-02-04 23:14:02 414 IDS Rule idp_lan Signature (user-agent.Generic.PHP.Injection)
I see that user-agent.Generic.PHP.Injection is part of the rule IPS_WEB_GENERAL which contains many signatures. Would it be possible to somehow ignore just user-agent.Generic.PHP.Injection or do I have to ignore the entire IPS_WEB_GENERAL rule?
-
Nice topic, very useful if it has a solution... I have the same issue.
-
Set an IDP Rule action to ignore that signature; the signature box on IDP rules is free-form text. Ensure that the ignore is above the web general group.