https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32130#M23561 <HTML><HEAD></HEAD><BODY><P>Hi Kdaitadmin,</P><P></P><P>please look here where they discussed http ddos and found a solution.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/message/29281#29281">https://live.paloaltonetworks.com/message/29281#29281</A></P><P>maybe this meets you needs.</P><P></P><P>Regards Klaus</P></BODY></HTML> Fri, 21 Mar 2014 07:05:22 GMT kdd 2014-03-21T07:05:22Z https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32129#M23560 <HTML><HEAD></HEAD><BODY><P>I need to know how to create a custom signature to block HTTP DDoS attack signature against our Web server.</P><P>The common pattern I can observe in the attack is - either (1) Automated specific URL access&nbsp; or (2) URL access request with Cache-Control: no-cache\r\n\</P><P>I appreciate your comments or suggestions.</P><P></P><P>Sincerely yours, Mike</P></BODY></HTML> Fri, 21 Mar 2014 05:39:51 GMT https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32129#M23560 kdaitadmin225 2014-03-21T05:39:51Z https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32130#M23561 <HTML><HEAD></HEAD><BODY><P>Hi Kdaitadmin,</P><P></P><P>please look here where they discussed http ddos and found a solution.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/message/29281#29281">https://live.paloaltonetworks.com/message/29281#29281</A></P><P>maybe this meets you needs.</P><P></P><P>Regards Klaus</P></BODY></HTML> Fri, 21 Mar 2014 07:05:22 GMT https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32130#M23561 kdd 2014-03-21T07:05:22Z https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32131#M23562 <HTML><HEAD></HEAD><BODY><P>Hi Klaus,</P><P></P><P>Thank you for your response.</P><P></P><P>I was looking at exact same post. The post said "Create the custom signature to block HTTP Packets with "Cache-control: no-store, must-revaridate\r\n",</P><P>but I just need to know how to create custom signature on our PA-500 box with PANOS 5.0.</P><P></P><P>If you know how to create a custom HTTP block signature, I much appreciate your support.</P><P></P><P>Sincerely yours,&nbsp; Mike</P></BODY></HTML> Fri, 21 Mar 2014 15:28:32 GMT https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32131#M23562 kdaitadmin225 2014-03-21T15:28:32Z https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32132#M23563 <HTML><HEAD></HEAD><BODY><P>Hi kdaitadmin,</P><P></P><P>to set up a signature go the objects tab, -&gt; Application and -&gt; Add</P><P><IMG alt="sig-1.PNG.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12351_sig-1.PNG.png" style="width: 620px; height: 372px;" /></P><P>chose the parameter which will be shown in the log for this signature</P><P>and then go to&nbsp; the signature tab and choose add to open this menu</P><P>assign a signature name and choose the add condition you want</P><P>afterwards the menu with http header options appear</P><P></P><P><IMG alt="sig-2.PNG.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12352_sig-2.PNG.png" style="width: 620px; height: 514px;" /></P><P>assign a pattern and to be more precise choose a qualifier / method. this depends on the context you have choosen before</P><P><IMG alt="sig-3.PNG.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12353_sig-3.PNG.png" /></P><P></P><P>pattern syntax</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-1499">https://live.paloaltonetworks.com/docs/DOC-1499</A></P><P>hope this helps</P><P></P><P>Regards Klaus</P></BODY></HTML> Mon, 24 Mar 2014 07:58:34 GMT https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32132#M23563 kdd 2014-03-24T07:58:34Z https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32133#M23564 <HTML><HEAD></HEAD><BODY><P>Hello <A href="https://live.paloaltonetworks.com/u1/23837">kdaitadmin225</A>,</P><P></P><P>Here are couple docs explaining creating of custom signatures for Apps and threats.</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-2015">Custom Application Signatures</A></P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-5534">Creating Custom Threat Signatures</A></P><P></P><P>Hope this helps.</P></BODY></HTML> Mon, 24 Mar 2014 14:44:37 GMT https://live.paloaltonetworks.com/t5/general-topics/http-ddos-attack-block-signature/m-p/32133#M23564 Phoenix 2014-03-24T14:44:37Z