D-Link DFL-260E User Manual for DFL-260E - Page 346
IDP Signature Selection, IDP Signature Selection
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 346 highlights
6.5.3. IDP Rules Chapter 6. Security Mechanisms IDP Signature Selection When using the Web Interface, all IDP signatures in the local signature database are shown under the heading IDP Signatures. This displays a two level tree of all signatures ordered by group. However, its purpose is for reference only and it is not possible to add signatures through this tree. In the Web Interface, associating signatures with an IDP rule is done by selecting the Action tab. A screenshot of part of this tab in the Web Interface is shown below. Figure 6.10. IDP Signature Selection There is a choice of either entering signatures in the upper text box or selecting them through the tree underneath which collects the signatures together into their respective groups. When collections of signatures are selected in the tree, the equivalent wildcard definition will automatically appear in the box above. Individual signatures cannot be selected through the tree and can only be entered in the text box. What appears in the upper text box is equivalent to the way signatures are specified when using the CLI to define an IDP rule. HTTP Normalization Each IDP rule has a section of settings for HTTP normalization. This allows the administrator to choose the actions that should be taken when IDP finds inconsistencies in the URIs embedded in incoming HTTP requests. Some server attacks are based on creating URIs with sequences that can exploit weaknesses in some HTTP server products. The URI conditions which IDP can detect are: • Invalid UTF8 This looks for any invalid UTF8 characters in a URI. • Invalid hex encoding A valid hex sequence is where a percentage sign is followed by two hexadecimal values to represent a single byte of data. An invalid hex sequence would be percentage sign followed by something which is not a valid hexadecimal value. • Double encoding This looks for any hex sequence which itself is encoded using other hex escape sequences. An example would be the original sequence %2526 where %25 is then might be decoded by the HTTP server to '%' and results in the sequence '%26'. This is then finally decoded to '&'. 346