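## Lines beginning with "# config" are CLI prompt + command; lines beginning
## with "##" are review annotations and are not part of the configuration.

## Step 1: custom IPS signature. Matches client-to-server HTTP traffic where
## the string "OPTIONS " (case-insensitive) appears within the first 8 bytes
## of the uri context, i.e. it is intended to fire on HTTP OPTIONS requests.
# config ips custom
    edit "102613"
        set signature "F-SBID( --attack_id 4976; --name \"HTTP.OPTIONS.LEMUEL\"; --service HTTP; --flow from_client; --pattern \"OPTIONS \"; --context uri; --no_case; --within 8,context; )"
        set severity critical
        set action block
        ## NOTE(review): the comment is left empty; recording why the method is
        ## blocked and who owns the rule helps later triage of hits.
        set comment ''
    next
end

## Step 2: IPS sensor that enforces the custom signature.
# config ips sensor
    edit "IPS_Filter"
        ## Sensor-wide settings; they apply independently of the custom rule.
        set block-malicious-url enable
        set scan-botnet-connections block
        # config entries
            edit 1
                ## 4976 is the --attack_id of the custom signature defined above.
                set rule 4976
                set status enable
                set action block
                ## The sending source address is quarantined for one day on a match.
                ## NOTE(review): OPTIONS is also sent by legitimate clients (e.g.
                ## CORS preflight requests), and a quarantined address may be a
                ## shared NAT or proxy address. Consider running this entry in a
                ## logged, non-blocking mode first to measure legitimate hits
                ## before enabling block plus quarantine.
                set quarantine attacker
                set quarantine-expiry 1d
            next
        end
    next
end

## Step 3: attach the sensor to all traffic arriving on wan1.
## NOTE(review): the signature inspects HTTP as seen by the IPS engine;
## presumably OPTIONS requests carried inside TLS are not matched unless the
## traffic is decrypted before inspection - confirm for this deployment.
# config firewall interface-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "IPS_Filter"
    next
end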