阅读权限100
最后登录2017-5-26
在线时间18 小时
积分1551
注册时间2013-9-19
精华1
主题113
UID466
帖子179
金币1423
威望5
贡献1
技术0
活跃6
分区版主
- 贡献
- 1
- 技术
- 0
- 活跃
- 6
- 在线时间
- 18 小时
|
ZBF 完美解法:
需求:
解法:
zone security Inside
zone security Outside
parameter-map type regex attack
pattern [Aa][Tt][Tt][Aa][Cc][Kk]
class-map type inspect http match-all attack.class
match request uri regex attack
class-map type inspect match-all HTTP.class
match protocol http
policy-map type inspect http attack.policy
class type inspect http attack.class
reset
log
policy-map type inspect Inside-to-Outside.policy
class type inspect HTTP.class
inspect
service-policy http attack.policy
class class-default
pass
policy-map type inspect Outside-to-Inside.policy
class class-default
pass
ip inspect one-minute low 400
ip inspect one-minute high 500
zone-pair security Inside-to-Outside source Inside destination Outside
service-policy type inspect Inside-to-Outside.policy
zone-pair security Outside-to-Inside source Outside destination Inside
service-policy type inspect Outside-to-Inside.policy
interface FastEthernet0/0
ip address 12.12.17.1 255.255.255.0
zone-member security Inside
interface FastEthernet0/1
ip address 150.1.12.1 255.255.255.0
zone-member security Outside
interface Serial0/0/0
ip address 12.12.12.1 255.255.255.0
zone-member security Inside
interface Serial0/0/1
ip address 12.12.15.1 255.255.255.0
zone-member security Inside
测试:
|
|