topic Letsencrypt (acme) challenge URL in Custom Signatures https://live.paloaltonetworks.com/t5/custom-signatures/letsencrypt-acme-challenge-url/m-p/400172#M391 <P>I created this pattern to recognize Letsencrypt (acme-protocol) challenge.</P><P>&nbsp;</P><P>You need to create a custom application with these fields:</P><UL><LI><P>Typo: Transaction</P></LI><LI><P>&nbsp;</P><P>Context: http-req-uri-path</P></LI><LI><P>&nbsp;</P><P>Pattern:</P></LI></UL><LI-CODE lang="markup">^GET /\.well-known/acme-challenge/</LI-CODE><P>&nbsp;</P><P>That's the best I could bet.</P><P>&nbsp;</P><P>Btw, I did not know before that "http-req-uri-path" had to include the method (GET), so I had a hard time using the regex anchor "^".</P> Mon, 19 Apr 2021 17:09:56 GMT Alejandro_Grijalba 2021-04-19T17:09:56Z Letsencrypt (acme) challenge URL https://live.paloaltonetworks.com/t5/custom-signatures/letsencrypt-acme-challenge-url/m-p/400172#M391 <P>I created this pattern to recognize Letsencrypt (acme-protocol) challenge.</P><P>&nbsp;</P><P>You need to create a custom application with these fields:</P><UL><LI><P>Typo: Transaction</P></LI><LI><P>&nbsp;</P><P>Context: http-req-uri-path</P></LI><LI><P>&nbsp;</P><P>Pattern:</P></LI></UL><LI-CODE lang="markup">^GET /\.well-known/acme-challenge/</LI-CODE><P>&nbsp;</P><P>That's the best I could bet.</P><P>&nbsp;</P><P>Btw, I did not know before that "http-req-uri-path" had to include the method (GET), so I had a hard time using the regex anchor "^".</P> Mon, 19 Apr 2021 17:09:56 GMT https://live.paloaltonetworks.com/t5/custom-signatures/letsencrypt-acme-challenge-url/m-p/400172#M391 Alejandro_Grijalba 2021-04-19T17:09:56Z Re: Letsencrypt (acme) challenge URL https://live.paloaltonetworks.com/t5/custom-signatures/letsencrypt-acme-challenge-url/m-p/458526#M417 <P>You can look at the "QUALIFIER" option as you can select the request method "POST" or "GET" from there and maybe you will not need to specify it in the pattern match.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/create-a-custom-application-signature.html" target="_blank">Create Custom Application Signature (paloaltonetworks.com)</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also for blocking something maybe better use IPS signature than app signature:</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/threat-signatures" target="_blank">Threat Signature Categories (paloaltonetworks.com)</A></P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/learn-more-about-and-assess-threats/learn-more-about-threat-signatures.html" target="_blank">Learn More About Threat Signatures (paloaltonetworks.com)</A></P> Thu, 13 Jan 2022 09:12:15 GMT https://live.paloaltonetworks.com/t5/custom-signatures/letsencrypt-acme-challenge-url/m-p/458526#M417 nikoolayy1 2022-01-13T09:12:15Z