HTTP DDoS attack block signature


I need to know how to create a custom signature to block an HTTP DDoS attack signature against our Web server.

The common pattern I can observe in the attack is either (1) automated specific URL access or (2) a URL access request with Cache-Control: no-cache\r\n\

I appreciate your comments or suggestions.

Sincerely yours, Mike

4 REPLIES 4

L4 Transporter

Hi Kdaitadmin,

Please look here, where they discussed HTTP DDoS and found a solution.

https://live.paloaltonetworks.com/message/29281#29281

Maybe this meets your needs.

Regards Klaus

Hi Klaus,

Thank you for your response.

I was looking at the exact same post. The post said "Create the custom signature to block HTTP Packets with "Cache-control: no-store, must-revaridate\r\n",

but I just need to know how to create a custom signature on our PA-500 box with PANOS 5.0.

If you know how to create a custom HTTP block signature, I would much appreciate your support.

Sincerely yours,  Mike

L4 Transporter

Hi kdaitadmin,

To set up a signature, go to the Objects tab -> Application -> Add

sig-1.PNG.png

Choose the parameter which will be shown in the log for this signature,

and then go to the Signature tab and choose Add to open this menu.

Assign a signature name and choose the Add condition you want.

Afterwards the menu with HTTP header options appears.

sig-2.PNG.png

Assign a pattern and, to be more precise, choose a qualifier / method. This depends on the context you have chosen before.

sig-3.PNG.png

Pattern syntax:

https://live.paloaltonetworks.com/docs/DOC-1499

Hope this helps.

Regards Klaus
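
An added example, not part of the original thread and not Palo Alto code: before either observed pattern is turned into a block signature, captured requests can be checked offline to see what each pattern would match per source. The target path `/login.php`, the host name and the source addresses are constructed sample values.

```python
import re
from collections import Counter

# Pattern from the thread: a header line that is exactly Cache-Control: no-cache.
# Header names are case-insensitive, so the match is too.
CACHE_CTRL = re.compile(rb"^cache-control:[ \t]*no-cache[ \t]*$", re.I)

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, header_lines)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    return parts[0], parts[1], lines[1:]

def classify(raw: bytes, target_path: bytes):
    """Return (on_target_url, has_no_cache_header) for one request."""
    try:
        _method, path, headers = parse_request(raw)
    except ValueError:
        return (False, False)
    on_target = path.split(b"?", 1)[0] == target_path  # ignore query string
    has_header = any(CACHE_CTRL.match(h) for h in headers)
    return (on_target, has_header)

LABELS = {(True, True): "both", (True, False): "url-only",
          (False, True): "header-only", (False, False): "none"}

def tally(captured, target_path: bytes) -> Counter:
    """Count (source_ip, label) over (source_ip, raw_request) pairs."""
    return Counter((src, LABELS[classify(raw, target_path)])
                   for src, raw in captured)

# Constructed sample traffic (documentation addresses, hypothetical path).
HOST = b"Host: www.example.com\r\n"
SAMPLE = [
    ("198.51.100.7", b"GET /login.php HTTP/1.1\r\n" + HOST + b"Cache-Control: no-cache\r\n\r\n"),
    ("198.51.100.7", b"GET /login.php?x=1 HTTP/1.1\r\n" + HOST + b"cache-control:no-cache\r\n\r\n"),
    ("203.0.113.20", b"GET /login.php HTTP/1.1\r\n" + HOST + b"Cache-Control: max-age=0\r\n\r\n"),
    ("203.0.113.21", b"GET /index.html HTTP/1.1\r\n" + HOST + b"Cache-Control: no-cache\r\n\r\n"),
]

if __name__ == "__main__":
    for (src, label), n in sorted(tally(SAMPLE, b"/login.php").items()):
        print(src, label, n)
```

In the sample, the header pattern alone also matches a request for a different URL, and the URL alone matches a request without the header; only the combination isolates the repeating source.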

Hello kdaitadmin225,

Here are a couple of docs explaining the creation of custom signatures for apps and threats.

Custom Application Signatures

Creating Custom Threat Signatures

Hope this helps.
