- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-20-2014 10:39 PM
I need to know how to create a custom signature to block HTTP DDoS attack signature against our Web server.
The common pattern I can observe in the attack is - either (1) Automated specific URL access or (2) URL access request with Cache-Control: no-cache\r\n\
I appreciate your comments or suggestions.
Sincerely yours, Mike
03-21-2014 12:05 AM
Hi Kdaitadmin,
please look here where they discussed http ddos and found a solution.
https://live.paloaltonetworks.com/message/29281#29281
maybe this meets you needs.
Regards Klaus
03-21-2014 08:28 AM
Hi Klaus,
Thank you for your response.
I was looking at exact same post. The post said "Create the custom signature to block HTTP Packets with "Cache-control: no-store, must-revaridate\r\n",
but I just need to know how to create custom signature on our PA-500 box with PANOS 5.0.
If you know how to create a custom HTTP block signature, I much appreciate your support.
Sincerely yours, Mike
03-24-2014 12:58 AM
Hi kdaitadmin,
to set up a signature go the objects tab, -> Application and -> Add
chose the parameter which will be shown in the log for this signature
and then go to the signature tab and choose add to open this menu
assign a signature name and choose the add condition you want
afterwards the menu with http header options appear
assign a pattern and to be more precise choose a qualifier / method. this depends on the context you have choosen before
pattern syntax
https://live.paloaltonetworks.com/docs/DOC-1499
hope this helps
Regards Klaus
03-24-2014 07:44 AM
Hello kdaitadmin225,
Here are couple docs explaining creating of custom signatures for Apps and threats.
Creating Custom Threat Signatures
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!