Add exception for IPS

We use a Sophos XG210 running SFOS 18.0.3 MR3. An application installer keeps getting blocked by IPS for "SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt". The application vendor uses the URL install.vendor.com. I've tried and tried to whitelist this URL for the specific IPS threat, but it won't pass. Can someone help me set an exclusion?



This thread was automatically locked due to age.
  • Hello Levi,

    Thank you for contacting the Sophos Community!

    If you trust that website, you could create a Firewall rule, allowing access to it without IPS, to the IPs of the same, so that way the IPS will not get triggered.

    Name: install.vendor.com
    Addresses: 45.33.2.79
    198.58.118.167
    96.126.123.244
    45.33.23.183
    45.79.19.196
    45.56.79.23

    I think the above are the IPs they use. I believe you are trying to add the Customer IPS signature with the FQDN under Protect >> Intrusion Prevention >> Custom IPS signatures?

    Does the /log/ips.log say any additional information about this?

    Regards,
