
iPhone "attacking" Amazon AWS hosts - Bypass single IDS signature?

Hello,

I just migrated a Home UTM to XG - and generally all is fine, except for some missing UTM features.

However, IPS shows one iPhone attacking various AWS hosts. (The phone happens to be mine).
IDS Signature ID is 35038 ("SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt").
The "attack" is probably caused by bad app coding, rather than malicious intent.

Is there an easy way to bypass this specific IDS signature for my iPhone?
The AWS IPs seem to change too often, so I would rather make the exception for the MAC-host created for the phone.

If I try to create a new IDS Policy and clone current policy (lantowan_general -> Migrate-def_filter_3) I am unable to edit included signatures. ("Save" button greyed out)

 

Best regards
martin Holst



  • 1. Here you can find the way to create the exception (a new IPS rule with the exception included):
    https://community.sophos.com/kb/en-us/132879

    2. You have to create / clone the rule and save it. Reopen the new rule and you are able to edit signatures.

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.