• February 24, 2025, 08:15:35 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Help with DFL-1600 and IDP rule  (Read 4738 times)

flbjhb

  • Level 1 Member
  • *
  • Posts: 3
Help with DFL-1600 and IDP rule
« on: February 05, 2010, 01:17:46 AM »
Hi

We have several clients linking to our servers via applications, but some of these clients send different user-agents in the communication with the web server. The User's connection is then blocked and the firewall logs the following (using ip 1.1.1.1 as an example):

1.1.1.1 - All - all 2010-02-04 23:14:02 414 IDS Rule idp_lan Signature (user-agent.Generic.PHP.Injection)

I see that user-agent.Generic.PHP.Injection is part of the rule IPS_WEB_GENERAL which contains many signatures. Would it be possible to somehow ignore just user-agent.Generic.PHP.Injection or do I have to ignore the entire IPS_WEB_GENERAL rule?
Logged

chechito

  • Level 3 Member
  • ***
  • Posts: 193
Re: Help with DFL-1600 and IDP rule
« Reply #1 on: February 05, 2010, 07:00:16 PM »
nice topic very usefull if has solution ... i have the same Issue
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Help with DFL-1600 and IDP rule
« Reply #2 on: February 08, 2010, 09:08:23 AM »
Set an IDP Rule action to ignore that signature, the signature box on IDP rules is free form text.  Ensure that the ignore is above the web general group.
Logged
non progredi est regredi