This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About JackField
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About JackField
01-30-2022
3Posts
1Like
0Solutions
Jan 30, 2022Last Visited
User
Activity
User
Profile
Latest posts by JackField
| Subject | Views | Posted |
|---|---|---|
| 3265 | 03-22-2019 02:56 AM | |
| 3625 | 03-12-2019 03:11 AM | |
| 3862 | 03-06-2019 06:21 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-06-2019 06:21 AM |
User Badges
Community Statistics
| Member Since | 01-07-2019 06:14 AM |
| Date Last Visited | 01-30-2022 06:16 PM |
| Posts | 3 |
| Total Likes Received | 1 |
03-22-2019
02:56 AM
Hi all, I'm trying to use custom data patterns to block all content related to the 'Momo' hoax. I'm having issues getting around the fact that 'momo' is smaller than 7 bytes. Do you have any recommendations on how to use an anchor 7 bytes or longer that would block momo Google, Image and Youtube searches? So far I can only stop searches from the address bar using: http-re-params: search\?q=(.*momo.*).{1,1000}rlz=1C1GCEA_enGB Would really appreciate any help. Thanks, Jack
... View more
03-12-2019
03:11 AM
Hi @reaper , @BPry , Thanks for the help. I've been looking into this and it certainly seems the right path. I'm running into a brick wall at the moment though. My Regex's only work with limited effect, and once a search for the malicious term 'momo' has sucessfully established, my vulnerability protections no longer work. Could you please advise, I've listed them below. A big part of the problem is that regex's have to be 7 bytes or larger without wildcard objects; so momo on it's own won't work. Interestingly, one of my Regex's - momohoax|momo|momodanger|momowhatsapp|momochallenge|momo.|.momo|.momo. - context = http-req-message-body - will block me from working on the custom vulnerability object after it's been commited. This is a good thing, since it shows the protection is working on websites holding 'momo' content, but it is only working on the firewall config. I have set up the security profiles and policies correctly, and decryption is enabled. Here's the regex's that have only limited scope: Context: http-req-params - Value: search\?q=(.*momo\+.*) Context: http-req-params - Value: search\?q=(.*.momo.*) Context: http-req-params - Value: search\?q=(.*.momo*.*)\&source=. Context: http-req-params - Value: .*(q=momo&rlz=).* Context: http-req-params - Value: search_query=(.*.momo.*).* Context: http-req-message-body Value: momohoax|momo|momodanger|momowhatsapp|momochallenge|momo.|.momo|.momo. I know it's possible to create a condition that will block any webpage with momo on it, I'm just stumped as to how! Thanks, J
... View more
03-06-2019
06:21 AM
1 Kudo
Hi guys, We're trying to stop users from accessing webpages featuring 'momo' content. We've set up the below custom URL category and it only blocks Google searches for momo while in incognito mode, and still allows Google image and Youtube results. Is there anything wrong with this, we may have gone OTT trying to get this to work: Using asterisks gives us errors. Thanks, J
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-30-2022
06:16 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks