426 lines
14 KiB
JSON
426 lines
14 KiB
JSON
{
|
|
"compile_table": "COMPILE",
|
|
"group_table": "GROUP",
|
|
"rules": [
|
|
{
|
|
"compile_id": 123,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "anything",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "IP_group",
|
|
"regions": [
|
|
{
|
|
"table_name": "IP_CONFIG",
|
|
"table_type": "ip",
|
|
"table_content": {
|
|
"addr_type": "ipv4",
|
|
"src_ip": "10.0.6.201",
|
|
"mask_src_ip": "255.255.0.0",
|
|
"src_port": "0",
|
|
"mask_src_port": "65535",
|
|
"dst_ip": "0.0.0.0",
|
|
"mask_dst_ip": "255.255.255.255",
|
|
"dst_port": "0",
|
|
"mask_dst_port": "65535",
|
|
"protocol": 6,
|
|
"direction": "double"
|
|
}
|
|
},
|
|
{
|
|
"table_name": "IP_CONFIG",
|
|
"table_type": "ip",
|
|
"table_content": {
|
|
"addr_type": "ipv6",
|
|
"src_ip": "2001:da8:205:1::101",
|
|
"mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
|
|
"src_port": "0",
|
|
"mask_src_port": "65535",
|
|
"dst_ip": "0::0",
|
|
"mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
|
|
"dst_port": "0",
|
|
"mask_dst_port": "65535",
|
|
"protocol": 6,
|
|
"direction": "double"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "HTTP_URL",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "abckkk&123",
|
|
"expr_type": "and",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 124,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "anything",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "IP_group"
|
|
},
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "CONTENT_SIZE",
|
|
"table_type": "intval",
|
|
"table_content": {
|
|
"low_boundary": 100,
|
|
"up_boundary": 500
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 125,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "anything",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"regions": [
|
|
{
|
|
"table_name": "HTTP_URL",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "action=search\\&query=(.*)",
|
|
"expr_type": "regex",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 126,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "anything",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "HTTP_URL",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "should_not_hit_any_rule",
|
|
"expr_type": "none",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "CONTENT_SIZE",
|
|
"table_type": "intval",
|
|
"table_content": {
|
|
"low_boundary": 2014,
|
|
"up_boundary": 2016
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 127,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "anything",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "FILE_DIGEST",
|
|
"table_type": "digest",
|
|
"table_content": {
|
|
"raw_len": 1160164,
|
|
"digest": "3072:Xk/maCm4yLYtRIFDFnVfHH+CAQI6VD5mekDmaa/4qCuFnqak1s3/+Gn1IJHa/AvybUsbGWcIAy9grTp2s5bbj/TaKxONfb[0:1160163]#12288:UChtbFS6pypdTy4m2[0:1160163]",
|
|
"cfds_level": 70
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 128,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "anything",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "HTTP_REGION",
|
|
"table_type": "expr_plus",
|
|
"table_content": {
|
|
"district": "URL",
|
|
"keywords": "abckkk&123",
|
|
"expr_type": "and",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 129,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "utf8_中文",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "HTTP_URL",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "C#中国",
|
|
"expr_type": "none",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 130,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "utf8_维语",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "KEYWORDS_TABLE",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "2010&يىلىدىكى",
|
|
"expr_type": "and",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 131,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "utf8_维语2",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "KEYWORDS_TABLE",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "سىياسىي",
|
|
"expr_type": "and",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 132,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "string\\bunescape",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "KEYWORDS_TABLE",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "Take\\bme\\bHome&Batman\\",
|
|
"expr_type": "and",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 133,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "table_conjunction_test_part1",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "HTTP_HOST",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "www.3300av.com",
|
|
"expr_type": "none",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 134,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "table_conjunction_test_part2",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "HTTP_URL",
|
|
"table_type": "string",
|
|
"table_content": {
|
|
"keywords": "novel&27122.txt",
|
|
"expr_type": "and",
|
|
"match_method": "sub",
|
|
"format": "uncase plain"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 135,
|
|
"service": 1,
|
|
"action": 1,
|
|
"do_blacklist": 1,
|
|
"do_log": 1,
|
|
"effective_rage": 0,
|
|
"user_region": "anything",
|
|
"is_valid": "yes",
|
|
"groups": [
|
|
{
|
|
"group_name": "Untitled",
|
|
"regions": [
|
|
{
|
|
"table_name": "SIM_URL",
|
|
"table_type": "similar",
|
|
"table_content": {
|
|
"target": "mwss.xiu.youku.com/live/hls/v1/0000000000000000000000001526a0a8/709.ts?&token=98765",
|
|
"threshold": 90
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"plugin_table": [
|
|
{
|
|
"table_name": "QD_ENTRY_INFO",
|
|
"table_content": [
|
|
"1\t192.168.0.1\t101\t1",
|
|
"2\t192.168.0.2\t101\t1",
|
|
"3\t192.168.1.1\t102\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TEST_PLUGIN_TABLE",
|
|
"table_content": [
|
|
"1\t3388\t99\t1",
|
|
"2\t3355\t66\t1",
|
|
"3\tcccc\t11\t1"
|
|
]
|
|
}
|
|
]
|
|
}
|