This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS Exception - How to?

Hello, I have noticed a false positive in IPS engine:

2009:12:01-14:25:56 aitecfw snort[16612]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-CLIENT Internet Explorer XHTML element memory corruption attempt" group="320" srcip="81.252.137.164" dstip="***.***.***.***" proto="6" srcport="80" dstport="45455" sid="13974" class="Attempted User Privilege Gain" priority="1" generator="3" msgid="0"

I would like to disable only this rule for incoming packets from 81.252.137.164. But I have seen that the rule can be disabled or enabled, without specify the source ip address. Also, it's possible to bypass ALL the ips rules for a specified ip address. Astaro does not support what I would like to achieve?

Thank you
eclipse79

This thread was automatically locked due to age.

0 BAlfson over 15 years ago

There's a feature request for that that you might want to vote for: IPS: Granular IPS Exclusions

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 eclipse79oldacct over 15 years ago in reply to BAlfson

There's a feature request for that that you might want to vote for: IPS: Granular IPS Exclusions

Cheers - Bob

Unfortunately I have finished my avaiable votes [:D]
Cancel
Vote Up 0 Vote Down

Cancel
0 wingman over 15 years ago in reply to eclipse79oldacct

Unfortunately I have finished my avaiable votes [:D]

you can remove a vote from another thread and resubmit it [;)]
Cancel
Vote Up 0 Vote Down

Cancel
0 SilvanoBiger over 10 years ago

Has this been implemented in the current version of the UTM9 ?
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 10 years ago

Has this been implemented in the current version of the UTM9
No it has not.
Cancel
Vote Up 0 Vote Down

Cancel