95 lines
3.1 KiB
JSON
95 lines
3.1 KiB
JSON
{
|
|
"compile_table": "PXY_ INTERCEPT _COMPILE",
|
|
"group_table": "PXY_ INTERCEPT_GROUP",
|
|
"rules": [
|
|
{
|
|
"compile_id": 1,
|
|
"service": 1,
|
|
"action":64,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "Droprate=0.50",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "PXY_INTERCEPT_IP",
|
|
"table_type": "ip",
|
|
"table_content": {
|
|
"addr_type": "ipv4",
|
|
"src_ip": "192.168.66.123",
|
|
"mask_src_ip": "255.255.255.255",
|
|
"src_port": "0",
|
|
"mask_src_port": "65535",
|
|
"dst_ip": "0.0.0.0",
|
|
"mask_dst_ip": "255.255.255.255",
|
|
"dst_port": "0",
|
|
"mask_dst_port": "65535",
|
|
"protocol": 0,
|
|
"direction": "double"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 2,
|
|
"service": 48,
|
|
"action": 80,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "anything",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "PXY_INTERCEPT_DOMAIN",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "abcdddfedfe",
|
|
"expr_type": "none",
|
|
"match_method": "sub",
|
|
"format":"uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 3,
|
|
"service": 48,
|
|
"action": 80,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "zone=pkt_payload;substitute=/baidu/qq",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "PXY_INTERCEPT_PKT_BIN",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "dfek;fdfkds;",
|
|
"expr_type": "none",
|
|
"match_method": "sub",
|
|
"format":"hexbin"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|