{ "rule_table": "RULE_DEFAULT", "object2rule_table": "OBJECT2RULE_DEFAULT", "object2object_table": "OBJECT2OBJECT", "objects": [ { "object_name": "ASN1234", "object_id": 1, "regions": [ { "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { "keywords": "^AS1234$", "expr_type": "and" } } ] }, { "object_name": "ASN2345", "object_id": 2, "regions": [ { "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { "keywords": "^AS2345$", "expr_type": "and" } } ] }, { "object_name": "ASN6789", "object_id": 3, "regions": [ { "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { "keywords": "^AS6789$", "expr_type": "and" } } ] }, { "object_name": "ASN9001", "object_id": 4, "regions": [ { "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { "keywords": "^AS9001$", "expr_type": "and" } } ] }, { "object_name": "ASN9002", "object_id": 5, "regions": [ { "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { "keywords": "^AS9002$", "expr_type": "and" } } ] }, { "object_name": "ASN9003", "object_id": 6, "regions": [ { "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { "keywords": "^AS9003$", "expr_type": "and" } } ] }, { "object_name": "IPv4-composition-source-only", "object_id": 7, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "192.168.50.24" } } ] }, { "object_name": "FQDN_OBJ1", "object_id": 8, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "^sports.example.com$", "expr_type": "and" } } ] }, { "object_name": "FQDN_CAT1", "object_id": 9, "regions": [ { "table_name": "INTERGER_PLUS", "table_type": "interval_plus", "table_content": { "district": "fqdn_cat_id", "interval": "1724" } } ] }, { "object_name": "IPv4-composition-NOT-client-ip", "object_id": 10, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "192.168.58.19" } } ] }, { "object_name": "IPv4-composition-NOT-server-ip", "object_id": 11, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "10.0.1.20-10.0.1.25" } } ] }, { "object_name": "financial-department-ip", "object_id": 12, "regions": [ { "table_name": "IP_CONFIG", "table_type":"ip", "table_content": { "ip": "192.168.40.88/32" } } ] }, { "object_name": "security-department-ip", "object_id": 13, "regions": [ { "table_name": "IP_PLUS_CONFIG", "table_type":"ip", "table_content": { "ip": "192.168.40.88/32" } } ] }, { "object_name": "develop-department-ip", "object_id": 14, "regions": [ { "table_name": "IP_PLUS_CONFIG", "table_type":"ip", "table_content": { "ip": "192.168.40.88/32" } } ] }, { "object_name": "Country-Sparta-IP", "object_id": 15, "regions": [ { "table_name": "GeoLocation", "table_type": "expr", "table_content": { "keywords": "^Greece.Sparta$", "expr_type": "and" } } ] } ], "rules": [ { "rule_id": 123, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "escaped\\bdata:have\\ba\\bspace\\band\\ba\\b\\&\\bsymbol.", "is_valid": "yes", "objects": [ { "attribute": "IP_CONFIG", "object_name": "123_IP_object", "object_id": 100, "regions": [ { "table_name": "IP_CONFIG", "table_type":"ip", "table_content": { "ip": "10.0.6.201/32" } }, { "table_name": "IP_CONFIG", "table_type":"ip", "table_content": { "ip": "2001:da8:205:1::101/112" } } ] }, { "attribute": "HTTP_URL", "object_name": "123_url_object", "object_id": 101, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "abckkk&123", "expr_type": "and" } } ] } ] }, { "rule_id": 124, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute":"IP_CONFIG", "object_name": "123_IP_object" }, { "attribute": "CONTENT_SIZE", "object_name": "124_interval_object", "object_id": 102, "regions": [ { "table_name": "CONTENT_SIZE", "table_type": "interval", "table_content": { "interval": "100-500" } } ] } ] }, { "rule_id": 125, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute":"HTTP_URL", "object_name": "125_url_object", "object_id": 103, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "action=search\\&query=(.*)", "expr_type": "regex" } } ] } ] }, { "rule_id": 126, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "126_url_object", "object_id": 105, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "should_not_hit_any_rule", "expr_type": "and" } } ] }, { "attribute": "CONTENT_SIZE", "object_name": "126_interval_object", "object_id": 106, "regions": [ { "table_name": "CONTENT_SIZE", "table_type": "interval", "table_content": { "interval": "2014-2016" } } ] } ] }, { "rule_id": 128, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "StringScan.ExprPlus", "is_valid": "yes", "objects": [ { "attribute": "HTTP_SIGNATURE", "object_name": "128_expr_plus_object", "object_id": 107, "regions": [ { "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { "district": "HtTP UrL", "keywords": "abckkk&123", "expr_type": "and" } } ] } ] }, { "rule_id": 129, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "utf8_中文", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "129_url_object", "object_id": 108, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "C#中国", "expr_type": "and" } } ] } ] }, { "rule_id": 130, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "utf8_维语", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "130_keywords_object", "object_id": 109, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "2010&يىلىدىكى", "expr_type": "and" } } ] } ] }, { "rule_id": 131, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "utf8_维语2", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "131_keywords_object", "object_id": 110, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "سىياسىي", "expr_type": "and" } } ] } ] }, { "rule_id": 132, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "string\\bunescape", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "TakeMeHome", "object_id": 111, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "Take me Home&Batman\\", "expr_type": "and" } } ] } ] }, { "rule_id": 133, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "13018_table_conjunction_test_part1\bnow_its_very_very_long0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz", "is_valid": "yes", "objects": [ { "attribute": "HTTP_HOST", "object_name": "133_host_object", "object_id": 112, "regions": [ { "table_name": "HTTP_HOST", "table_type": "expr", "table_content": { "keywords": "www.3300av.com", "expr_type": "and" } } ] } ] }, { "rule_id": 134, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "table_conjunction_test_part2", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "134_url_object", "object_id": 113, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "novel&27122.txt", "expr_type": "and" } } ] } ] }, { "rule_id": 136, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "offset_string", "is_valid": "yes", "objects": [ { "attribute": "IMAGE_FP", "object_name": "136_expr_object", "object_id": 114, "regions": [ { "table_name": "IMAGE_FP", "table_type": "expr", "table_content": { "keywords": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|", "expr_type": "and" } } ] } ] }, { "rule_id": 137, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "offset_string", "is_valid": "yes", "objects": [ { "attribute": "IMAGE_FP", "object_name": "137_expr_object", "object_id": 115, "regions": [ { "table_name": "IMAGE_FP", "table_type": "expr", "table_content": { "keywords": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|", "expr_type": "and" } } ] } ] }, { "rule_id": 138, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "effective_range": 0, "tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}", "user_region": "Not\\baccepted\\btags", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "138_url_object", "object_id": 116, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "should&hit&aaa", "expr_type": "and" } } ] } ] }, { "rule_id": 139, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "effective_range": 0, "tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}", "user_region": "Accepted\\btags", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "139_url_object", "object_id": 117, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "should&hit&bbb", "expr_type": "and" } } ] } ] }, { "rule_id": 140, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "file_streams", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "140_keywords_object", "object_id": 118, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "2018-10-05", "expr_type": "and" } } ] } ] }, { "rule_id": 141, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "Something:I\\bhave\\ba\\bname,7799", "rule_table_name": "RULE_ALIAS", "is_valid": "yes", "objects": [ { "g2c_table_name": "OBJECT2RULE_ALIAS", "attribute": "HTTP_URL", "object_name": "141_url_object", "object_id": 119, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "i.ytimg.com", "expr_type": "and" } } ] } ] }, { "rule_id": 142, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "StringScan.UTF8EncodedURL", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "142_url_object", "object_id": 120, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE", "expr_type": "and" } } ] } ] }, { "rule_id": 143, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.OneRegion", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL_FILTER", "object_name": "143_url_object1", "object_id": 121, "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-143", "expr_type": "and" } } ] }, { "attribute": "HTTP_URL_FILTER", "object_name": "143_url_object2", "object_id": 122, "negate_option": 1, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-143", "expr_type": "and" } } ] } ] }, { "rule_id": 144, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.ScanNotAtLast", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL_FILTER", "object_name": "144_url_object", "object_id": 123, "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-144", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "144_keywords_object", "object_id": 124, "negate_option": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-144", "expr_type": "and" } } ] } ] }, { "rule_id": 145, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.ScanNotIP", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "145_url_object", "object_id": 125, "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-145", "expr_type": "and" } } ] }, { "attribute": "ATTRIBUTE_IP_CONFIG", "object_name": "123_IP_object", "negate_option": 1 } ] }, { "rule_id": 146, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.NotExprConditionAndNotIPCondition", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL_FILTER", "object_name": "146_url_object", "object_id": 126, "negate_option": 0, "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-146", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "146_keywords_object", "object_id": 127, "negate_option": 1, "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "must-contained-not-string-of-rule-146", "expr_type": "and" } } ] }, { "attribute": "ATTRIBUTE_IP_CONFIG", "object_name": "123_IP_object", "negate_option": 1, "condition_index": 2 } ] }, { "rule_id": 147, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.8NotCondition", "is_valid": "yes", "objects": [ { "attribute": "HTTP_RESPONSE_KEYWORDS_1", "object_name": "147_keywords_object1", "object_id": 128, "negate_option": 1, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "condition0-in-rule-147", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS_2", "object_name": "147_keywords_object2", "object_id": 129, "negate_option": 1, "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "condition1-in-rule-147", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS_3", "object_name": "147_keywords_object3", "object_id": 130, "negate_option": 1, "condition_index": 2, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "condition2-in-rule-147", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS_4", "object_name": "147_keywords_object4", "object_id": 131, "negate_option": 1, "condition_index": 3, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "condition3-in-rule-147", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS_5", "object_name": "147_keywords_object5", "object_id": 132, "negate_option": 1, "condition_index": 4, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "condition4-in-rule-147", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS_6", "object_name": "147_keywords_object6", "object_id": 133, "negate_option": 1, "condition_index": 5, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "condition5-in-rule-147", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS_7", "object_name": "147_keywords_object7", "object_id": 134, "negate_option": 1, "condition_index": 6, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "condition6-in-rule-147", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS_8", "object_name": "147_keywords_object8", "object_id": 135, "negate_option": 1, "condition_index": 7, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "condition7-in-rule-147", "expr_type": "and" } } ] } ] }, { "rule_id": 148, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "StringScan.Regex", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "148_url_object", "object_id": 136, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "Cookie:\\s.*head", "expr_type": "regex" } } ] } ] }, { "rule_id": 149, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "StringScan.ExprPlusWithOffset", "is_valid": "yes", "objects": [ { "attribute": "APP_PAYLOAD", "object_name": "149_app_object", "object_id": 137, "regions": [ { "table_name": "APP_PAYLOAD", "table_type": "expr_plus", "table_content": { "district": "Payload", "keywords": "(offset=1,depth=1)|03|&(offset=9,depth=10)|2d|&(offset=14,depth=16)|2d34|&(offset=19,depth=21)|2d|&(offset=24,depth=25)|2d|", "expr_type": "and" } } ] } ] }, { "rule_id": 150, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "StringScan.BugReport20190325", "is_valid": "yes", "objects": [ { "attribute": "TROJAN_PAYLOAD", "object_name": "billgates_regist1", "object_id": 138, "regions": [ { "table_type": "expr", "table_name": "TROJAN_PAYLOAD", "table_content": { "keywords": "(offset=0,depth=4)|01000000|", "expr_type": "and" } } ] }, { "attribute": "TROJAN_PAYLOAD", "object_name": "billgates_regist2", "object_id": 139, "regions": [ { "table_type": "expr", "table_name": "TROJAN_PAYLOAD", "table_content": { "keywords": "1:G2.40", "expr_type": "and" } } ] } ] }, { "rule_id": 151, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "StringScan.PrefixAndSuffix", "is_valid": "yes", "objects": [ { "attribute": "MAIL_ADDR", "object_name": "151_expr_object", "object_id": 140, "regions": [ { "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { "keywords": "ceshi3@mailhost.cn$", "expr_type": "and" } } ] } ] }, { "rule_id": 152, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "StringScan.PrefixAndSuffix", "is_valid": "yes", "objects": [ { "attribute": "MAIL_ADDR", "object_name": "152_mail_addr", "object_id": 141, "regions": [ { "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { "keywords": "^ceshi3@mailhost.cn", "expr_type": "and" } }, { "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { "keywords": "^ceshi6@mailhost.cn", "expr_type": "and" } } ] }, { "attribute": "CONTENT_SIZE", "object_name": "interval_object_refered", "object_id": 142, "sub_objects": [ { "object_name": "126_interval_object" } ] } ] }, { "rule_id": 153, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "Policy.SubObject", "is_valid": "yes", "objects": [ { "attribute": "MAIL_ADDR", "object_name": "153_expr_object", "object_id": 143, "negate_option": 0, "regions": [ { "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { "keywords": "^ceshi4@mailhost.cn", "expr_type": "and" } } ], "sub_objects": [ { "attribute": "MAIL_ADDR", "object_name": "152_mail_addr" } ] }, { "attribute": "IP_CONFIG", "object_name": "IP_object_refered", "object_id": 144, "sub_objects": [ { "object_name": "123_IP_object" } ] } ] }, { "rule_id": 154, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "ipv4_plus", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "154_IP_object", "object_id": 145, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "10.0.7.100-10.0.7.101" } } ] } ] }, { "rule_id": 155, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "ipv6_plus", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "155_IP_object", "object_id": 146, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "1001:da8:205:1::101-1001:da8:205:1::102" } } ] } ] }, { "rule_id": 156, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "ExprPlusWithHex", "is_valid": "yes", "objects": [ { "attribute": "HTTP_SIGNATURE", "object_name": "156_expr_object", "object_id": 147, "regions": [ { "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { "district": "Content-Type", "keywords": "|2f68746d6c|", "expr_type": "and" } } ] } ] }, { "rule_id": 157, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "StringScan.StreamScanUTF8", "is_valid": "yes", "objects": [ { "attribute": "TROJAN_PAYLOAD", "object_name": "157_expr_object", "object_id": 148, "regions": [ { "table_type": "expr", "table_name": "TROJAN_PAYLOAD", "table_content": { "keywords": "我的订单", "expr_type": "and" } } ] } ] }, { "rule_id": 158, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "IPScan.IPv4_CIDR", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "158_IP_object", "object_id": 149, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "192.168.0.1/32" } } ] } ] }, { "rule_id": 159, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "IPScan.IPv6_CIDR", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "159_IP_object", "object_id": 150, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "2001:db8::/120" } } ] } ] }, { "rule_id": 160, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "AttributeWithOnePhysical", "is_valid": "yes", "objects": [ { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "TakeMeHome", "negate_option": 0 }, { "attribute": "HTTP_URL", "object_name": "160_url_object", "object_id": 151, "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "https://blog.csdn.net/littlefang/article/details/8213058", "expr_type": "and" } } ] } ] }, { "rule_id": 161, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "attribute_test_temp", "is_valid": "yes", "objects": [ { "attribute": "HTTP_SIGNATURE", "object_name": "vt_grp_http_sig1", "object_id": 152, "negate_option": 0, "regions": [ { "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { "district": "User-Agent", "keywords": "Chrome/78.0.3904.108", "expr_type": "and" } } ] }, { "attribute": "HTTP_SIGNATURE", "object_name": "vt_grp_http_sig2", "object_id": 153, "negate_option": 0, "regions": [ { "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { "district": "Cookie", "keywords": "uid=12345678", "expr_type": "and" } }, { "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { "district": "Cookie", "keywords": "sessionid=888888", "expr_type": "and" } } ] } ] }, { "rule_id": 162, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "AttributeWithAttribute", "is_valid": "yes", "objects": [ { "attribute": "HTTP_REQUEST_HEADER", "object_name": "vt_grp_http_sig1", "negate_option": 0 }, { "attribute": "HTTP_RESPONSE_HEADER", "object_name": "vt_grp_http_sig2", "negate_option": 0 } ] }, { "rule_id": 163, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "OneObjectInTwoAttribute", "is_valid": "yes", "objects": [ { "attribute": "HTTP_REQUEST_HEADER", "object_name": "vt_grp_http_sig2", "negate_option": 0 }, { "attribute": "HTTP_RESPONSE_HEADER", "object_name": "vt_grp_http_sig2", "negate_option": 0 } ] }, { "rule_id": 164, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "CharsetWindows1251", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "164_keywords_object", "object_id": 154, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": ">ЗАО «Севергазвтоматика АйС»<", "expr_type": "and" } } ] } ] }, { "rule_id": 165, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "EvaluationOrder", "is_valid": "yes", "evaluation_order": "2.111", "objects": [ { "attribute": "HTTP_URL", "object_name": "165_url_object", "object_id": 155, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "cavemancircus.com/", "expr_type": "and" } } ] }, { "attribute": "IP_PLUS_CONFIG", "object_name": "165_IP_object", "object_id": 156, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "192.168.23.1/24" } } ] } ] }, { "rule_id": 166, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "EvaluationOrder", "is_valid": "yes", "evaluation_order": "100.233", "objects": [ { "attribute": "HTTP_URL", "object_name": "166_url_object", "object_id": 157, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "2019/12/27/pretty-girls-6", "expr_type": "and" } } ] } ] }, { "rule_id": 167, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "EvaluationOrder", "is_valid": "yes", "evaluation_order": "300.999", "objects": [ { "attribute": "HTTP_URL", "object_name": "167_url_object", "object_id": 158, "condition_index": 1, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "2019/12/27", "expr_type": "and" } } ] }, { "attribute": "HTTP_URL", "object_name": "167_url_object", "object_id": 158, "condition_index": 3 } ] }, { "rule_id": 168, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "EvaluationOrder", "is_valid": "yes", "evaluation_order": "0", "objects": [ { "attribute": "HTTP_URL", "object_name": "167_url_object", "object_id": 158, "condition_index": 2 }, { "attribute": "HTTP_URL", "object_name": "167_url_object", "object_id": 158, "condition_index": 6 } ] }, { "rule_id": 169, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "IPScan.IPv4_Any", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "169_IP_object", "object_id": 160, "condition_index": 0, "negate_option" : 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "100.64.3.1/32" } } ] } ] }, { "rule_id": 170, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "IPScan.IPv4_attribute.source", "is_valid": "no", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "ipv4_attribute.source", "object_id": 161, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "192.168.40.10/32" } } ] } ] }, { "rule_id": 171, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "IPScan.IPv4_attribute.destination", "is_valid": "no", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "ipv4_attribute.destination", "object_id": 162, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "192.168.231.46/32" } } ] } ] }, { "rule_id": 177, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.MultiObjectsInOneNotCondition", "is_valid": "yes", "objects": [ { "attribute": "ASN_NOT_LOGIC", "object_name": ["ASN1234", "ASN6789", "ASN9001"], "negate_option": 1, "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "object_name": "ASN2345", "negate_option": 0, "condition_index": 1 } ] }, { "rule_id": 178, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "Hierarchy.MultiObjectInOneCondition", "is_valid": "yes", "objects": [ { "attribute": "SOURCE_IP_ASN", "object_name": ["ASN1234", "ASN6789", "ASN9001"], "negate_option": 0, "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "object_name": "ASN2345", "negate_option": 0, "condition_index": 1 } ] }, { "rule_id": 179, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "INTERGER_PLUS", "object_name": "179_interval_object", "object_id": 166, "regions": [ { "table_name": "INTERGER_PLUS", "table_type": "interval_plus", "table_content": { "district": "interval.plus", "interval": "2020" } } ] } ] }, { "rule_id": 180, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "Hierarchy.MultiObjectInOneCondition", "is_valid": "yes", "objects": [ { "attribute": "SOURCE_IP_ASN", "object_name": ["ASN1234", "ASN6789", "ASN9001"], "negate_option": 0, "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "object_name": "Country-Sparta-IP", "negate_option": 0, "condition_index": 0 }, { "attribute": "IP_CONFIG", "object_name": "financial-department-ip", "negate_option": 0, "condition_index": 1 } ] }, { "rule_id": 181, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.MultiLiteralsInOneNotCondition", "is_valid": "yes", "objects": [ { "attribute": "SOURCE_IP_ASN", "object_name": ["ASN1234", "ASN6789", "ASN9001"], "negate_option": 1, "condition_index": 0 }, { "attribute": "IP_PLUS_CONFIG", "object_name": "develop-department-ip", "negate_option": 1, "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "object_name": "Country-Sparta-IP", "negate_option": 0, "condition_index": 1 } ] }, { "rule_id": 182, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "8-expr", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "182_keywords_object", "object_id": 167, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "string1&string2&string3&string4&string5&string6&string7&string8", "expr_type": "and" } } ] } ] }, { "rule_id": 184, "user_region": "APP_ID=6006740;Liumengyan-Bugreport-20210515", "description": "Hulu", "is_valid": "yes", "do_blacklist": 0, "do_log": 0, "action": 0, "service": 0, "objects": [ { "attribute": "IP_CONFIG", "object_name": "184_IP_object", "object_id": 169, "regions": [ { "table_name": "IP_CONFIG", "table_type":"ip", "table_content": { "ip": "::/128" } } ] } ] }, { "rule_id": 185, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.SameAttributeInMultiCondition", "is_valid": "yes", "objects": [ { "attribute": "DESTINATION_IP_ASN", "object_name": ["ASN1234", "ASN6789", "ASN9001"], "negate_option": 1, "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "object_name": "Country-Sparta-IP", "negate_option": 1, "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "object_name": "ASN9002", "negate_option": 1, "condition_index": 1 }, { "attribute": "DESTINATION_IP_ASN", "object_name": "ASN9003", "negate_option": 0, "condition_index": 2 }, { "attribute": "IP_PLUS_CONFIG", "object_name": "security-department-ip", "negate_option": 0, "condition_index": 3 } ] }, { "rule_id": 186, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.ScanHitAtLast", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL_FILTER", "object_name": "186_expr_object", "object_id": 170, "negate_option": 1, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-186", "expr_type": "and" } } ] }, { "attribute": "IP_PLUS_CONFIG", "object_name": "186_IP_object", "object_id": 171, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "10.0.8.186" } } ] } ] }, { "rule_id": 187, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.ScanHitAtLast", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL_FILTER", "object_name": "187_url_object", "object_id": 172, "negate_option": 1, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-187", "expr_type": "and" } } ] }, { "attribute": "IP_PLUS_CONFIG", "object_name": "187_IP_object", "object_id": 173, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "10.0.8.187" } } ] } ] }, { "rule_id": 188, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NOTLogic.ScanHitAtLast", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL_FILTER", "object_name": "188_url_object", "object_id": 174, "negate_option": 1, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-188", "expr_type": "and" } } ] }, { "attribute": "IP_PLUS_CONFIG", "object_name": "188_IP_object", "object_id": 175, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "10.0.8.188" } } ] } ] }, { "rule_id": 189, "is_valid": "yes", "do_log": 0, "action": 0, "service": 0, "do_blacklist": 0, "user_region": "StringScan.ShouldNotHitExprPlus", "objects": [ { "attribute": "APP_PAYLOAD", "object_name": "189_app_object", "object_id": 176, "regions": [ { "table_name": "APP_PAYLOAD", "table_type": "expr_plus", "table_content": { "district": "tcp.payload.c2s_first_data", "keywords": "|ab00|", "expr_type": "and" } } ] } ] }, { "rule_id": 190, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "StringScan.ExprPlus", "is_valid": "yes", "objects": [ { "attribute": "HTTP_SIGNATURE", "object_name": "190_expr_object", "object_id": 177, "regions": [ { "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { "district": "我的DistrIct", "keywords": "addis&sapphire", "expr_type": "and" } } ] } ] }, { "rule_id": 191, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "StringScan.HexBinCaseSensitive", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "191_keywords_object", "object_id": 178, "regions": [ { "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { "keywords": "|54455354|", "expr_type": "and" } } ] } ] }, { "rule_id": 192, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "FLAG_CONFIG", "object_name": "192_flag_object", "object_id": 179, "regions": [ { "table_type": "flag", "table_name": "FLAG_CONFIG", "table_content": { "flag": 1, "flag_mask": 3 } } ] } ] }, { "rule_id": 193, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "FLAG_CONFIG", "object_name": "193_flag_object", "object_id": 180, "regions": [ { "table_type": "flag", "table_name": "FLAG_CONFIG", "table_content": { "flag": 2, "flag_mask": 3 } } ] }, { "attribute": "HTTP_URL", "object_name": "193_url_object", "object_id": 181, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "hello", "expr_type": "and" } } ] } ] }, { "rule_id": 194, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "FLAG_CONFIG", "object_name": "194_flag_object", "object_id": 182, "regions": [ { "table_type": "flag", "table_name": "FLAG_CONFIG", "table_content": { "flag": 21, "flag_mask": 31 } } ] } ] }, { "rule_id": 195, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "HTTP_SIGNATURE", "object_name": "195_signature_object", "object_id": 183, "regions": [ { "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { "district": "I love China", "keywords": "today&yesterday", "expr_type": "and" } } ] }, { "attribute": "HTTP_URL", "object_name": "195_url_object", "object_id": 184, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "Monday", "expr_type": "and" } } ] } ] }, { "rule_id": 196, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "FLAG_PLUS_CONFIG", "object_name": "196_flag_object", "object_id": 185, "regions": [ { "table_type": "flag_plus", "table_name": "FLAG_PLUS_CONFIG", "table_content": { "district": "I love China", "flag": 30, "flag_mask": 14 } } ] } ] }, { "rule_id": 197, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "Something:I\\bhave\\ba\\bname,8866", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "197_url_object", "object_id": 186, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "hqdefault.jpg", "expr_type": "and" } } ] } ] }, { "rule_id": 198, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "Something:I have a name,7799", "rule_table_name": "RULE_FIREWALL_DEFAULT", "is_valid": "yes", "objects": [ { "g2c_table_name": "OBJECT2RULE_FIREWALL", "attribute": "HTTP_URL", "object_name": "198_url_object", "object_id": 187, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "firewall", "expr_type": "and" } } ] } ] }, { "rule_id": 199, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "ExcludeLogic.ScanNotAtLast", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "ExcludeLogicObject199", "object_id": 188, "sub_objects":[ { "object_name": "ExcludeLogicObject199_1", "object_id": 189, "is_exclude": 0, "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-199", "expr_type": "and" } } ] }, { "object_name": "ExcludeLogicObject199_2", "object_id": 190, "is_exclude": 1, "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-199", "expr_type": "and" } } ] } ] } ] }, { "rule_id": 200, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "ExcludeLogic.OneRegion", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "ExcludeLogicObject200", "object_id": 191, "sub_objects":[ { "attribute": "HTTP_URL", "object_name": "ExcludeLogicObject200_1", "object_id": 192, "is_exclude": 0, "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-200", "expr_type": "and" } } ] }, { "attribute": "HTTP_URL", "object_name": "ExcludeLogicObject200_2", "object_id": 193, "is_exclude": 1, "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-200", "expr_type": "and" } } ] } ] } ] }, { "rule_id": 202, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "null", "is_valid": "yes", "objects": [ { "attribute": "ATTRIBUTE_IP_PLUS_TABLE", "object_name": "ExcludeLogicObject202", "object_id": 194, "condition_index": 0, "sub_objects":[ { "object_name": "ExcludeLogicObject202_1", "object_id": 195, "is_exclude": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "100.64.1.0-100.64.1.20" } } ] }, { "object_name": "ExcludeLogicObject202_2", "object_id": 196, "is_exclude": 1, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "100.64.1.6-100.64.1.10" } } ] }, { "object_name": "ExcludeLogicObject202_3", "object_id": 197, "is_exclude": 1, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "100.64.1.11-100.64.1.20" } } ] } ] } ] }, { "rule_id": 203, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "null", "is_valid": "yes", "objects": [ { "attribute": "ATTRIBUTE_IP_PLUS_SOURCE", "object_name": "ExcludeLogicObject203_1", "object_id": 198, "condition_index": 0, "regions": [ { "table_name": "IP_PLUS_CONFIG", "table_type":"ip", "table_content": { "ip": "192.168.50.43-192.168.50.43" } } ] }, { "attribute": "ATTRIBUTE_IP_PLUS_DESTINATION", "object_name": "ExcludeLogicObject203_2", "object_id": 199, "condition_index": 1, "regions": [ { "table_name": "IP_PLUS_CONFIG", "table_type":"ip", "table_content": { "ip": "47.92.108.93-47.92.108.93" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "ExcludeLogicObject203_3", "object_id": 200, "condition_index": 2, "sub_objects": [ { "object_name": "ExcludeLogicObject203_3_1", "object_id": 201, "is_exclude": 0, "regions": [ { "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ "keywords":"jianshu.com$", "expr_type":"and" } } ] }, { "object_name": "ExcludeLogicObject203_3_2", "object_id": 202, "is_exclude": 1, "regions": [ { "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ "keywords":"^www.jianshu.com$", "expr_type":"and" } } ] } ] } ] }, { "rule_id": 204, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "null", "is_valid": "yes", "objects": [ { "attribute": "ATTRIBUTE_IP_PLUS_SOURCE", "object_name": "ExcludeLogicObject204_1", "object_id": 203, "condition_index": 0, "regions": [ { "table_name": "IP_PLUS_CONFIG", "table_type":"ip", "table_content": { "ip": "100.64.2.0-100.64.2.5" } } ] }, { "attribute": "ATTRIBUTE_IP_PLUS_DESTINATION", "object_name": "ExcludeLogicObject204_2", "object_id":204, "condition_index": 1, "regions": [ { "table_name": "IP_PLUS_CONFIG", "table_type":"ip", "table_content": { "ip": "100.64.2.6-100.64.2.10" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "ExcludeLogicObject204_3", "object_id": 205, "condition_index": 2, "sub_objects": [ { "object_name": "ExcludeLogicObject204_3_1", "object_id": 206, "is_exclude": 0, "sub_objects" : [ { "object_name": "ExcludeLogicObject204_3_1_1", "object_id": 207, "is_exclude": 0, "regions": [ { "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ "keywords":"baidu.com$", "expr_type":"and" } } ] }, { "object_name": "ExcludeLogicObject204_3_1_2", "object_id": 208, "is_exclude": 1, "regions": [ { "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ "keywords":"^www.baidu.com$", "expr_type":"and" } } ] } ] }, { "object_name": "ExcludeLogicObject204_3_2", "object_id": 209, "is_exclude": 1, "regions": [ { "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ "keywords":"^mail.baidu.com$", "expr_type":"and" } } ] } ] } ] }, { "rule_id": 205, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "StringScan.RegexExpressionIllegal", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "205_keywords_object", "object_id": 210, "regions": [ { "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { "keywords": "123^456", "expr_type": "regex" } } ] } ] }, { "rule_id": 206, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "duplicateRuleFor191", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "206_keywords_object", "object_id": 211, "regions": [ { "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { "keywords": "|54455354|", "expr_type": "and" } } ] } ] }, { "rule_id": 207, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "duplicateRuleFor192", "is_valid": "yes", "objects": [ { "attribute": "FLAG_CONFIG", "object_name": "207_flag_object", "object_id": 212, "regions": [ { "table_type": "flag", "table_name": "FLAG_CONFIG", "table_content": { "flag": 1, "flag_mask": 3 } } ] } ] }, { "rule_id": 208, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "duplicateRuleFor154", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "208_IP_object", "object_id": 213, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "10.0.7.100-10.0.7.106" } } ] } ] }, { "rule_id": 209, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "duplicateRuleFor179", "is_valid": "yes", "objects": [ { "attribute": "INTERGER_PLUS", "object_name": "209_interval_object", "object_id": 214, "regions": [ { "table_name": "INTERGER_PLUS", "table_type": "interval_plus", "table_content": { "district": "interval.plus", "interval": "2020" } } ] } ] }, { "rule_id": 210, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "ipv6_::", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "210_IP_object", "object_id": 215, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "::/0" } } ] } ] }, { "rule_id": 211, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "ip_perf_test", "is_valid": "yes", "objects": [ { "attribute": "IP_PERF_CONFIG", "object_name": "211_IP_object", "object_id": 216, "negate_option": 0, "regions": [ { "table_type":"ip", "table_name": "IP_PERF_CONFIG", "table_content": { "ip": "10.0.0.1-10.0.0.6" } } ] } ] }, { "rule_id": 212, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "integer_perf_test", "is_valid": "yes", "objects": [ { "attribute": "INTEGER_PERF_CONFIG", "object_name": "212_interval_object", "object_id": 217, "regions": [ { "table_name": "INTEGER_PERF_CONFIG", "table_type": "interval", "table_content": { "interval": "3000" } } ] } ] }, { "rule_id": 213, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "expr_perf_test", "is_valid": "yes", "objects": [ { "attribute": "EXPR_LITERAL_PERF_CONFIG", "object_name": "213_expr_object", "object_id": 218, "regions": [ { "table_name": "EXPR_LITERAL_PERF_CONFIG", "table_type": "expr", "table_content": { "keywords": "today&yesterday", "expr_type": "and" } } ] } ] }, { "rule_id": 214, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "flag_perf_test", "is_valid": "yes", "objects": [ { "attribute": "FLAG_PERF_CONFIG", "object_name": "214_flag_object", "object_id": 219, "regions": [ { "table_type": "flag", "table_name": "FLAG_PERF_CONFIG", "table_content": { "flag": 15, "flag_mask": 15 } } ] } ] }, { "rule_id": 215, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "expr_perf_test", "is_valid": "yes", "objects": [ { "attribute": "EXPR_REGEX_PERF_CONFIG", "object_name": "215_expr_object", "object_id": 220, "regions": [ { "table_name": "EXPR_REGEX_PERF_CONFIG", "table_type": "expr", "table_content": { "keywords": "action=search\\&query=(.*)", "expr_type": "regex" } } ] } ] }, { "rule_id": 216, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "NOTCondition&ExcludeObject", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL_FILTER", "object_name": "ExcludeLogicObject200", "negate_option": 0, "condition_index": 0 }, { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "NOTConditionAndExcludeObject216", "object_id": 221, "negate_option": 1, "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-for-rule-211", "expr_type": "and" } } ] } ] }, { "rule_id": 217, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "NOTCondition&ExcludeObject", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL_FILTER", "object_name": "NOTConditionAndExcludeObject217_1", "object_id": 222, "negate_option": 1, "condition_index": 0, "sub_objects": [ { "object_name": "ExcludeLogicObject217_1_1", "object_id": 223, "is_exclude": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "string-of-rule-217.com$", "expr_type": "and" } } ] }, { "object_name": "ExcludeLogicObject217_1_2", "object_id": 224, "is_exclude": 1, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "www.string-of-rule-217.com", "expr_type": "and" } } ] } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "NOTConditionAndExcludeObject217_2", "object_id": 225, "negate_option": 0, "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-for-rule-217", "expr_type": "and" } } ] } ] }, { "rule_id": 218, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "CONTENT_SIZE", "object_name": "218_interval_object", "object_id": 226, "regions": [ { "table_name": "CONTENT_SIZE", "table_type": "interval", "table_content": { "interval": "3000" } } ] } ] }, { "rule_id": 219, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject219_1", "object_id": 227, "negate_option": 0, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-1", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject219_2", "object_id": 228, "negate_option": 1, "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-2", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject219_3", "object_id": 229, "negate_option": 1, "condition_index": 2, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-3", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject219_4", "object_id": 230, "negate_option": 1, "condition_index": 3, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-4", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject219_5", "object_id": 231, "negate_option": 1, "condition_index": 4, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-5", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject219_6", "object_id": 232, "negate_option": 1, "condition_index": 5, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-6", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject219_7", "object_id": 233, "negate_option": 1, "condition_index": 6, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-7", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject219_8", "object_id": 234, "negate_option": 1, "condition_index": 7, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-8", "expr_type": "and" } } ] } ] }, { "rule_id": 220, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "anything", "is_valid": "yes", "objects": [ { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject220_1", "object_id": 235, "negate_option": 0, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-220-1", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject220_2", "object_id": 236, "negate_option": 1, "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-220-2", "expr_type": "and" } } ] }, { "attribute": "HTTP_DUMMY", "object_name": "NOTConditionAndExcludeObject220_3", "object_id": 237, "negate_option": 1, "condition_index": 2, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "keywords-dummy-220-3", "expr_type": "and" } } ] } ] }, { "rule_id": 221, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "NOTLogic.ScanWithDistrict", "is_valid": "yes", "objects": [ { "attribute": "HTTP_REQUEST_HEADER", "object_name": "NOTLogicObject_221_1", "object_id": 238, "negate_option": 1, "regions": [ { "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { "district": "User-Agent", "keywords": "Mozilla/5.0", "expr_type": "and" } } ] }, { "attribute": "HTTP_URL", "object_name": "NOTLogicObject_221_2", "object_id": 239, "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "scan_with_district_221", "expr_type": "and" } } ] } ] }, { "rule_id": 222, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "NOTLogic.SingleNotCondition", "is_valid": "yes", "objects": [ { "attribute": "HTTP_NOT_LOGIC_1", "object_name": "NOTLogicObject_222", "object_id": 240, "negate_option": 1, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "not_logic_keywords_222", "expr_type": "and" } } ] } ] }, { "rule_id": 223, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "NOTLogic.MultiNotCondition", "is_valid": "yes", "objects": [ { "attribute": "HTTP_NOT_LOGIC", "object_name": "NOTLogicObject_223_1", "object_id": 241, "negate_option": 1, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "not_logic_rule_223_1", "expr_type": "and" } } ] }, { "attribute": "HTTP_NOT_LOGIC", "object_name": "NOTLogicObject_223_2", "object_id": 242, "negate_option": 1, "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "not_logic_rule_223_2", "expr_type": "and" } } ] }, { "attribute": "HTTP_NOT_LOGIC", "object_name": "NOTLogicObject_223_1", "object_id": 243, "negate_option": 1, "condition_index": 2, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "not_logic_rule_223_3", "expr_type": "and" } } ] } ] }, { "rule_id": 224, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "NOTLogic.NotPhysicalTable", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "NOTLogicObject_224_1", "object_id": 244, "negate_option": 1, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "not_logic_rule_224_1", "expr_type": "and" } } ] }, { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "NOTLogicObject_224_2", "object_id": 245, "negate_option": 0, "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "not_logic_rule_224_2", "expr_type": "and" } } ] } ] }, { "rule_id": 225, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "Payload escape", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "EscapeObject_225_1", "object_id": 246, "negate_option": 0, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n", "expr_type": "and" } } ] } ] }, { "rule_id": 226, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "maat_scan_object", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "226_url_object", "object_id":247 } ] }, { "rule_id": 227, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "maat_scan_object", "rule_table_name": "RULE_FIREWALL_DEFAULT", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "227_url_object", "object_id": 248, "g2c_table_name": "OBJECT2RULE_FIREWALL" } ] }, { "rule_id": 228, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "NotConditionHitPath", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "228_url_object", "object_id": 249, "negate_option": 0, "condition_index": 1, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "youtube.com", "expr_type": "and" } } ] }, { "attribute": "ATTRIBUTE_IP_CONFIG", "object_name": "228_IP_object", "object_id": 250, "negate_option": 1, "condition_index": 2, "regions": [ { "table_name": "IP_CONFIG", "table_type":"ip", "table_content": { "ip": "192.168.101.102/32" } } ] } ] }, { "rule_id": 229, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "StringScan.Regex", "is_valid": "yes", "objects": [ { "attribute": "HTTP_URL", "object_name": "229_url_object", "object_id": 251, "regions": [ { "table_name": "HTTP_URL", "table_type": "expr", "table_content": { "keywords": "\u00C9", "expr_type": "regex" } } ] } ] }, { "rule_id": 230, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "ipv6_::", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "230_IP_object", "object_id": 256, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "2607:5d00:2:2::32:28/128", "port":"80-443" } } ] } ] }, { "rule_id": 231, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "should_not_hit", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "231_IP_object", "object_id": 257, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "2607:5d00:2:2::32:28/128", "port":"80" } } ] } ] }, { "rule_id": 232, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "should_not_hit", "is_valid": "yes", "objects": [ { "attribute": "IP_PLUS_CONFIG", "object_name": "232_IP_object", "object_id": 258, "regions": [ { "table_type":"ip", "table_name": "IP_PLUS_CONFIG", "table_content": { "ip": "192.168.30.44/32", "port": "80" } } ] } ] }, { "rule_id": 233, "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "maat_scan_object", "is_valid": "yes", "objects": [ { "attribute": "HTTP_RESPONSE_KEYWORDS", "object_name": "233_url_object", "object_id": 259 } ] }, { "rule_id": 234, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "Payload escape", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "EscapeObject_234_1", "object_id": 260, "negate_option": 0, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "html>\\\\r\\\\n", "expr_type": "and" } } ] } ] }, { "rule_id": 235, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "Payload escape", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "EscapeObject_235_1", "object_id": 261, "negate_option": 0, "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { "keywords": "\\(\\)abc\\^\\$def\\|", "expr_type": "and" } } ] } ] }, { "rule_id": 236, "service": 0, "action": 0, "do_blacklist": 0, "do_log": 0, "user_region": "StringScan.HexBinCombineString", "is_valid": "yes", "objects": [ { "attribute": "KEYWORDS_TABLE", "object_name": "236_keywords_object", "object_id": 262, "regions": [ { "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { "keywords": "cd |6162|", "expr_type": "and" } } ] } ] } ], "plugin_table": [ { "table_name": "QD_ENTRY_INFO", "table_content": [ "1\t192.168.0.1\t101\t1", "2\t192.168.0.2\t102\t1", "3\t192.168.1.1\t103\t1" ] }, { "table_name": "TEST_PLUGIN_TABLE", "table_content": [ "1\t3388\t99\t1", "2\t3355\t66\t1", "3\tcccc\t11\t1" ] }, { "table_name": "TEST_PLUGIN_EXDATA_TABLE", "table_content": [ "1\tHeBei\tShijiazhuang\t1\t0", "2\tHeNan\tZhengzhou\t1\t0", "3\tShanDong\tJinan\t1\t0", "4\tShanXi\tTaiyuan\t1\t0" ] }, { "table_name": "TEST_EFFECTIVE_RANGE_TABLE", "table_content": [ "1\tSUCCESS\t99\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}\t1111", "2\tSUCCESS\t66\t1\t0\t222", "3\tFAILED\t11\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}\t333", "4\tSUCCESS\t66\t1\t{}\t444", "5\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京\"]}]]}\t444", "6\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"weather\",\"value\":[\"hot\"]}]]}\t444" ] }, { "table_name": "IR_INTERCEPT_IP", "table_content": [ "1000000130\t1000000130\t4\t192.168.10.99\t255.255.255.255\t0\t65535\t0.0.0.0\t255.255.255.255\t0\t65535\t0\t1\t1\t96\t1\tuser_region\t{}\t2019/1/24/18:0:34", "161\t161\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t61.135.169.121\t255.255.255.255\t0\t65535\t0\t0\t1\t96\t832\t0\t0\t2019/1/24/18:48:42" ] }, { "table_name": "TEST_IP_PLUGIN_WITH_EXDATA", "table_content": [ "101\t4\t192.168.30.99-192.168.30.101\tSomething-like-json\t1", "102\t4\t192.168.30.90-192.168.30.128\tBigger-range-should-in-the-back\t1", "103\t6\t2001:db8:1234::-2001:db8:1235::\tBigger-range-should-in-the-back\t1", "104\t6\t2001:db8:1234::1-2001:db8:1234::5210\tSomething-like-json\t1", "105\t6\t2620:100:3000::-2620:0100:30ff:ffff:ffff:ffff:ffff:ffff\tBugreport-liumengyan-20210517\t1" ] }, { "table_name": "TEST_IPPORT_PLUGIN_WITH_EXDATA", "table_content": [ "101\t4\t192.168.100.1\t0\t255\t1", "102\t4\t192.168.100.2\t100\t200\t1", "103\t4\t192.168.100.1\t255\t300\t1", "104\t6\t2001:db8:1234::5210\t255\t512\t1" ] }, { "table_name": "TEST_FQDN_PLUGIN_WITH_EXDATA", "table_content": [ "201\twww.example1.com\tcatid=1\t1", "202\t*.example1.com\tcatid=1\t1", "203\tnews.example1.com\tcatid=2\t1", "204\tr3---sn-i3belne6.example2.com\tcatid=3\t1", "205\tr3---sn-i3belne6.example2.com\tcatid=3\t1" ] }, { "table_name": "TEST_BOOL_PLUGIN_WITH_EXDATA", "table_content": [ "301\t1&2&1000\ttunnel1\t1", "302\t101&102\ttunnel2\t1", "303\t102\ttunnel3\t1", "304\t101\ttunnel4\t1", "305\t0&1&2&3&4&5&6&7\ttunnel5\t1", "306\t101&101\tinvalid\t1" ] }, { "table_name": "TEST_PLUGIN_LONG_KEY_TYPE_TABLE", "table_content": [ "1\t11111111\tShijiazhuang\t1\t0", "2\t22222222\tZhengzhou\t1\t0", "3\t33333333\tJinan\t1\t0", "4\t44444444\tTaiyuan\t1\t0" ] }, { "table_name": "TEST_PLUGIN_INT_KEY_TYPE_TABLE", "table_content": [ "1\t101\tChina\t1\t0", "2\t102\tAmerica\t1\t0", "3\t103\tRussia\t1\t0", "4\t104\tJapan\t1\t0" ] }, { "table_name": "TEST_PLUGIN_IP_KEY_TYPE_TABLE", "table_content": [ "4\t100.64.1.1\tXiZang\t1\t0", "4\t100.64.1.2\tXinJiang\t1\t0", "6\t2001:da8:205:1::101\tGuiZhou\t1\t0", "6\t1001:da8:205:1::101\tSiChuan\t1\t0", "7\t100.64.1.3\tQingHai\t1\t0", "6\t100.64.1.4\tGanSu\t1\t0" ] } ] }