Support Forum
st3fan
New Contributor III

How to block all HTTP GET requests except for one specific request?

Hi everyone

I would like to create a custom IPS rule for a website which blocks all incoming HTTP GET requests and only allows one specific request. For example, www.site.com/string should be allowed but all other GET requests should be blocked.

Can this be accomplished using IPS rules? I would appreciate your feedback.

Thank you.

Regards

Stefan

st3fan
New Contributor III

Any ideas?

Thanks,

Stefan

emnoc
Esteemed Contributor III

Yes, you can do that, but why? Can you control the request at the server? Do you have an internal server load balancer?

Take a look at this example, which uses SMTP. The cfg would be the same idea, but with the protocol HTTP and obviously the pattern.

http://socpuppet.blogspot.com/2014/07/example-fo-smpauth-protection-fortigate.html

So something like this might work, but find the custom IPS syntax for the FortiOS version that's in use and review any specifics for HTTP. I don't know how to negate a string though, but try the below for a test and then you would have to play around.

F-SBID( --name "dropithttp"; --attack_id 1555; --rev 1.0; --protocol tcp; --pattern "www.example.com/string"; --service HTTP; --no_case; --flow from_client; )

Please report back if you had success. You would need to set the rule to "drop" for this to work for any other strings, and that is what I would not know how to do.

 

ken

PCNSE 

NSE 

StrongSwan  
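Added example, not code from either poster or from Fortinet: the reply above says it does not know how to negate a string. The usual workaround in a pattern engine with no negation is two ordered signatures, a "pass" for the one allowed request listed before a "drop" for every GET. The Python below emulates that ordered matching offline so the logic can be checked before it is typed into a sensor. It assumes first-match-wins ordering (confirm how your FortiOS version orders sensor entries) and uses constructed sample requests, not captured traffic. It also shows why a pattern holding the full URL, as in the reply's "www.example.com/string", never fires: an HTTP/1.1 request line carries only the path, and the host name sits on a separate Host: header line.

```python
# Added example, not from the thread above: an offline emulation of an ordered
# IPS-style signature list that passes exactly one HTTP GET request and drops
# every other GET. Assumptions: the first matching signature wins (verify the
# sensor ordering semantics for your FortiOS version), and every request
# below is a constructed sample, not captured traffic.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes        # substring searched in client-to-server data (--pattern)
    action: str           # "pass" or "drop"
    no_case: bool = True  # --no_case


def matches(sig: Signature, request: bytes) -> bool:
    """Substring match, case-insensitive when no_case is set."""
    if sig.no_case:
        return sig.pattern.lower() in request.lower()
    return sig.pattern in request


def first_match(signatures: List[Signature], request: bytes) -> Optional[Signature]:
    """Return the first signature whose pattern occurs in the request."""
    for sig in signatures:
        if matches(sig, request):
            return sig
    return None


def evaluate(signatures: List[Signature], request: bytes) -> str:
    """Decision for one request: action of the first match, otherwise 'pass'
    (traffic that matches no signature is not blocked by an IPS)."""
    hit = first_match(signatures, request)
    return hit.action if hit else "pass"


# Ordered allowlist: the specific request must come BEFORE the catch-all.
# The pass pattern anchors on the request line "GET /string HTTP/" so that
# "/string2" or "/string?x=1" do not match it. The host is deliberately
# absent: an HTTP/1.1 request line carries only the path, the host travels
# in the Host: header on its own line.
RULES: List[Signature] = [
    Signature("allow-string", b"GET /string HTTP/", "pass"),
    Signature("drop-other-get", b"GET ", "drop"),
]

# Constructed sample requests (not captured traffic).
ALLOWED = b"GET /string HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
UPPER = b"GET /STRING HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
OTHER = b"GET /admin HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
QUERY = b"GET /string?x=1 HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
POST = b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 0\r\n\r\n"


def swapped_order_decision(request: bytes) -> str:
    """What happens if the catch-all is listed first: the allow rule is
    never reached, so even the intended request is dropped."""
    return evaluate(list(reversed(RULES)), request)


def full_url_pattern_hits(request: bytes) -> bool:
    """The pattern from the reply above, "www.example.com/string", never
    occurs in a real request because host and path are on different lines."""
    return matches(Signature("dropithttp", b"www.example.com/string", "drop"), request)


if __name__ == "__main__":
    for label, req in [("allowed", ALLOWED), ("upper", UPPER), ("other", OTHER),
                       ("query", QUERY), ("post", POST)]:
        print(f"{label:8s} -> {evaluate(RULES, req)}")
    print("swapped order, allowed request ->", swapped_order_decision(ALLOWED))
    print("full-URL pattern hits allowed request ->", full_url_pattern_hits(ALLOWED))
```

Two caveats the run makes visible: with no_case the allow rule also passes /STRING, which a case-sensitive web server may treat as a different resource, so consider a case-sensitive allow pattern; and a raw "GET " substring can also occur inside a POST body or header value, so in a real sensor prefer whatever HTTP-aware context options the custom signature syntax of your FortiOS version offers over a bare substring.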