This article explains how you can detect and stop the ShellCode on a Blue Coat ProxySG.
The first step is to figure out a pattern to recognize it. The following regex should be sufficient:
\(\) \{
Use a bit of CPL code to recognize this pattern in your HTTP traffic and stop it:
<Proxy>
FORCE_DENY request.raw_headers.regex="\(\) \{"
FORCE_DENY http.request[name,value].regex="\(\) \{"
To make sure no other rule can allow the request, we use FORCE_DENY instead of DENY.
This may put a significant load on your ProxySG.
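To check what the pattern will and will not catch before loading it onto the proxy, the following added example (not part of the original article and not Blue Coat code) runs the same regex over constructed sample requests. The helper names and samples are assumptions, and the matching only approximates the two CPL conditions above.

```python
import re

# Same pattern as in the CPL rules above: the literal text "() {"
PATTERN = re.compile(r"\(\) \{")

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "benign": "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
              "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n",
    "function_prefix": "GET /cgi-bin/status HTTP/1.1\r\nHost: www.example.com\r\n"
                       "User-Agent: () { :; }; constructed-sample\r\n\r\n",
    # Harmless text that still contains "() {": a false-positive candidate.
    "lookalike": "GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                 "X-Note: callback = function() { }\r\n\r\n",
}


def parse_headers(raw_request):
    """Return (raw_header_block, [(name, value), ...]) for a raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    parts = head.split("\r\n", 1)
    raw_block = parts[1] if len(parts) > 1 else ""
    headers = []
    for line in raw_block.split("\r\n"):
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return raw_block, headers


def matching_headers(raw_request):
    """Names of headers whose name or value contains the pattern."""
    _, headers = parse_headers(raw_request)
    return [n for n, v in headers if PATTERN.search(n) or PATTERN.search(v)]


def would_deny(raw_request):
    """Approximation of the two rules: raw header block, then each name/value."""
    raw_block, _ = parse_headers(raw_request)
    return bool(PATTERN.search(raw_block)) or bool(matching_headers(raw_request))


if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, would_deny(request), matching_headers(request))
```

The "lookalike" sample shows that the pattern matches anywhere in a header, so any legitimate client that sends the text "() {" in a header will also be denied.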