Block/Detect black list

IP/domain/url/ssl server_name Block/Detect Sample

Config XML

send syslog to log server 192.168.1.12:514 if block/detect happened

<configSet reboot="no">
    <log>
        <syslog>
            <enable>True</enable>
            <port>M0</port>
            <target>
                <enable>True</enable>
                <dip>192.168.1.12</dip>
                <dport>514</dport>
                <interfaces>P6,P7</interfaces>
                <filter></filter>
                <type>matched</type>
                <subtype>
                    <sip>True</sip>
                    <dip>True</dip>
                    <sport>True</sport>
                    <dport>True</dport>
                    <protocol>True</protocol>
                    <find_id>True</find_id>
                    <find_content>True</find_content>
                </subtype>
            </target>
        </syslog>
    </log>
</configSet>

ARRAY NTB XML (black list sample)

<run>
    <filter id="10000" sessionBase="yes" matchedlog="yes">
        <or>
            <find id="10000" name="ip.addr" relation="==" content="8.8.8.8"/>
        </or>
    </filter>
    <filter id="10001" sessionBase="no" matchedlog="yes">
        <or>
            <find id="10002" name="dns.qry.name" relation="==" content="www.cittv.com.tw"/>
        </or>
    </filter>
    <filter id="10002" sessionBase="no" matchedlog="yes">
        <or>
            <find id="10004" name="http.request.url" relation="==" content="www.whitehollowtransport.com/current-elliott-c-89.html" />
        </or>
    </filter>
    <filter id="10003" sessionBase="no" matchedlog="yes">
        <or>
            <find id="10005" name="ssl.server_name" relation="==" content="facebook.com" />
        </or>
    </filter>
    <filter id="10004" sessionBase="no" matchedlog="yes">
        <or>
            <find id="10006" name="ssl.server_name_public_suffix" relation="==" content=" *.googlevideo.com" />
        </or>
    </filter>
</run>

ARRAY NTB XML(block sample)

<run>
    <chain>
        <in>P6</in>
        <fid>F10000,F10001,F10002,F10003,F10004</fid>
        <out>0</out>
        <next type=”notmatch”>
            <out>P7</out>
        </next>
    </chain>
    <chain>
        <in>P7</in>
        <fid>F10000,F10001,F10002,F10003,F10004</fid>
        <out>0</out>
        <next type=”notmatch”>
            <out>P6</out>
        </next>
    </chain>
</run>

ARRAY NTB XML(detect sample)

<run>
    <chain>
        <in>P6</in>
        <out>P7</out>
    </chain>
    <chain>
        <in>P7</in>
        <out>P6</out>
    </chain>
    <chain>
        <in>P6,P7</in>
        <fid>F10000,F10001,F10002,F10003,F10004</fid>
        <out>0</out>
    </chain>
</run>

PreviousBlock Specific Country NextMobile Edge Computing Breakout

Last updated 2 years ago

hashtagConfig XML

hashtagARRAY NTB XML (black list sample)

hashtagARRAY NTB XML(block sample)

hashtagARRAY NTB XML(detect sample)

Config XML

ARRAY NTB XML (black list sample)

ARRAY NTB XML(block sample)

ARRAY NTB XML(detect sample)