This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Which category contains the filter for Log4shell?

Hi all, which category should I enable on the "Webserver Protection", "Firewall Profiles", "Common Threat Filter Categories" to block log4j related attacks?

https://postimg.cc/mzfvCgbm

Thanks for any help!!



This thread was automatically locked due to age.
Parents
  • I thought these were already being blocked by snort rules?  According to the IPS rule sheet the snort SIDs are there. So wouldn't the rule be applied no matter which you would choose?

    UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • Hi Amodin, so to understand well, the snort rules are the default ones already integrated in the IPS filter and that regardless of the categories that I can choose in the WAF filter, they will always be applied and cannot be disabled, is that correct?

  • That's how I *think* it works, but I could be wrong.  If I am, I'd like to know myself.  Hence, why I was sort of asking the question myself, haha.

    UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

Reply
  • That's how I *think* it works, but I could be wrong.  If I am, I'd like to know myself.  Hence, why I was sort of asking the question myself, haha.

    UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

Children