gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
7cf9a79d64f800fa74de1fc6b80171c5ab0a274e
tango-maat/test/maat_json.json
刘文坛 7cf9a79d64 [PATCH] Ipport plugin unit_test & statistics
2023-10-07 09:48:26 +00:00

3092 lines
123 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"compile_table": "COMPILE_DEFAULT",
"group2compile_table": "GROUP2COMPILE_DEFAULT",
"group2group_table": "GROUP2GROUP",
"groups": [
{
"group_name": "ASN1234",
"regions": [
{
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "AS1234",
"expr_type": "none",
"match_method": "exact",
"format": "uncase plain"
}
}
]
},
{
"group_name": "ASN2345",
"regions": [
{
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "AS2345",
"expr_type": "none",
"match_method": "exact",
"format": "uncase plain"
}
}
]
},
{
"group_name": "financial-department-ip",
"regions": [
{
"table_name": "IP_CONFIG",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"addr_format": "mask",
"ip1": "192.168.40.88",
"ip2": "255.255.255.255",
"port_format": "range",
"port1": "0",
"port2": "65535",
"protocol": 6
}
}
]
},
{
"group_name": "Country-Sparta-IP",
"regions": [
{
"table_name": "GeoLocation",
"table_type": "expr",
"table_content": {
"keywords": "Greece.Sparta",
"expr_type": "none",
"match_method": "exact",
"format": "uncase plain"
}
}
]
},
{
"group_name": "IPv4-composition-source-only",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "single",
"ip1": "192.168.50.24",
"ip2": "192.168.50.24",
"port_format": "range",
"port1": "39000",
"port2": "40000",
"protocol": 6
}
}
]
},
{
"group_name": "FQDN_OBJ1",
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "sports.example.com",
"expr_type": "none",
"match_method": "exact",
"format": "uncase plain"
}
}
]
},
{
"group_name": "FQDN_CAT1",
"regions": [
{
"table_name": "INTERGER_PLUS",
"table_type": "interval_plus",
"table_content": {
"district": "fqdn_cat_id",
"low_boundary": 1724,
"up_boundary": 1724
}
}
]
},
{
"group_name": "IPv4-composition-NOT-client-ip",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "single",
"ip1": "192.168.58.19",
"ip2": "192.168.58.19",
"port_format": "single",
"port1": "20000",
"port2": "20000",
"protocol": 6
}
}
]
},
{
"group_name": "IPv4-composition-NOT-server-ip",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "10.0.1.20",
"ip2": "10.0.1.25",
"port_format": "range",
"port1": "1",
"port2": "443",
"protocol": 6
}
}
]
}
],
"rules": [
{
"compile_id": 123,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "escaped\\bdata:have\\ba\\bspace\\band\\ba\\b\\&\\bsymbol.",
"is_valid": "yes",
"groups": [
{
"group_name": "123_IP_group",
"regions": [
{
"table_name": "IP_CONFIG",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"addr_format": "mask",
"ip1": "10.0.6.201",
"ip2": "255.255.0.0",
"port_format": "range",
"port1": "0",
"port2": "65535",
"protocol": 6
}
},
{
"table_name": "IP_CONFIG",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv6",
"addr_format": "mask",
"ip1": "2001:da8:205:1::101",
"ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
"port_format": "range",
"port1": "0",
"port2": "65535",
"protocol": 6
}
}
]
},
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "abckkk&123",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 124,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "123_IP_group"
},
{
"group_name": "Untitled",
"regions": [
{
"table_name": "CONTENT_SIZE",
"table_type": "interval",
"table_content": {
"low_boundary": 100,
"up_boundary": 500
}
}
]
}
]
},
{
"compile_id": 125,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "action=search\\&query=(.*)",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 126,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should_not_hit_any_rule",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"group_name": "126_interval_group",
"regions": [
{
"table_name": "CONTENT_SIZE",
"table_type": "interval",
"table_content": {
"low_boundary": 2014,
"up_boundary": 2016
}
}
]
}
]
},
{
"compile_id": 128,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.ExprPlus",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "HtTP\\bUrL",
"keywords": "abckkk&123",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 129,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "utf8_中文",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "C#中国",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 130,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "utf8_维语",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "2010&يىلىدىكى",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 131,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "utf8_维语2",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "سىياسىي",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 132,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "string\\bunescape",
"is_valid": "yes",
"groups": [
{
"group_name": "TakeMeHome",
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "Take\\bme\\bHome&Batman\\",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 133,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "13018_table_conjunction_test_part1\bnow_its_very_very_long0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_HOST",
"table_type": "expr",
"table_content": {
"keywords": "www.3300av.com",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 134,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "table_conjunction_test_part2",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "novel&27122.txt",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 136,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "offset_string",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "IMAGE_FP",
"table_type": "expr",
"table_content": {
"keywords": "4362-4458:323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000",
"expr_type": "offset",
"match_method": "none",
"format": "hexbin"
}
}
]
}
]
},
{
"compile_id": 137,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "offset_string",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "IMAGE_FP",
"table_type": "expr",
"table_content": {
"keywords": "19339-19467:6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44",
"expr_type": "offset",
"match_method": "none",
"format": "hexbin"
}
}
]
}
]
},
{
"compile_id": 138,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}",
"user_region": "Not\\baccepted\\btags",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should&hit&aaa",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 139,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}",
"user_region": "Accepted\\btags",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should&hit&bbb",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 140,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "file_streams",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "2018-10-05",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 141,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Something:I\\bhave\\ba\\bname,7799",
"compile_table_name": "COMPILE_ALIAS",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"g2c_table_name": "GROUP2COMPILE_ALIAS",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "i.ytimg.com",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 142,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.UTF8EncodedURL",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 143,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.OneRegion",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-143",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"not_flag": 1,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-143",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 144,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanNotAtLast",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-144",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"not_flag": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-144",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 145,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanNotIP",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-145",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"not_flag": 1,
"group_name": "123_IP_group"
}
]
},
{
"compile_id": 146,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.Regex",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "Cookie:\\s.*head",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 147,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.UTF8EncodedURL",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "googlevideo.com/videoplayback&mn=sn-35153iuxa-5a56%2Csn-n8v7znz7",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 148,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.ExprPlusWithOffset",
"effective_rage": 0,
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "APP_PAYLOAD",
"table_type": "expr_plus",
"table_content": {
"format": "hexbin",
"match_method": "sub",
"district": "Payload",
"keywords": "1-1:03&9-10:2d&14-16:2d34&19-21:2d&24-25:2d",
"expr_type": "offset"
}
}
]
}
]
},
{
"compile_id": 149,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.Regex",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "CORNER_CASE_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "^((?!.*\\binstagram\\b)).*\\.fbcdn\\.net$",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 150,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "StringScan.BugReport20190325",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "0-4:01000000",
"expr_type": "offset",
"format": "hexbin",
"match_method": "sub"
}
}
],
"group_name": "billgates_regist1"
},
{
"regions": [
{
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "1:G2.40",
"expr_type": "none",
"format": "uncase plain",
"match_method": "sub"
}
}
],
"group_name": "billgates_regist2"
}
]
},
{
"compile_id": 151,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "StringScan.PrefixAndSuffix",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "ceshi3@mailhost.cn",
"expr_type": "none",
"format": "uncase plain",
"match_method": "suffix"
}
}
],
"group_name": "Untitled"
}
]
},
{
"compile_id": 152,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "StringScan.PrefixAndSuffix",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "ceshi3@mailhost.cn",
"expr_type": "none",
"format": "uncase plain",
"match_method": "prefix"
}
},
{
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "ceshi6@mailhost.cn",
"expr_type": "none",
"format": "uncase plain",
"match_method": "prefix"
}
}
],
"group_name": "152_mail_addr"
},
{
"group_name": "interval_group_refered",
"sub_groups": [
{
"group_name": "126_interval_group"
}
]
}
]
},
{
"compile_id": 153,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "Policy.SubGroup",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "ceshi4@mailhost.cn",
"expr_type": "none",
"format": "uncase plain",
"match_method": "prefix"
}
}
],
"group_name": "Untitled",
"sub_groups": [
{
"group_name": "152_mail_addr"
}
],
"not_flag": 0
},
{
"group_name": "IP_group_refered",
"sub_groups": [
{
"group_name": "123_IP_group"
}
]
}
]
},
{
"compile_id": 154,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_plus",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "10.0.7.100",
"ip2": "10.0.7.106",
"port_format": "range",
"port1": "65530",
"port2": "65535",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 155,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv6_plus",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv6",
"addr_format": "range",
"ip1": "1001:da8:205:1::101",
"ip2": "1001:da8:205:1::201",
"port_format": "range",
"port1": "65510",
"port2": "65520",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 156,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "ExprPlusWithHex",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "Content-Type",
"keywords": "2f68746d6c",
"expr_type": "none",
"match_method": "sub",
"format": "hexbin"
}
}
]
}
]
},
{
"compile_id": 157,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "StringScan.StreamScanUTF8",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "我的订单",
"expr_type": "none",
"format": "none",
"match_method": "sub"
}
}
]
}
]
},
{
"compile_id": 158,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_CIDR",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "CIDR",
"ip1": "192.168.0.1",
"ip2": "32",
"port_format": "range",
"port1": "5210",
"port2": "5211",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 159,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv6_CIDR",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv6",
"addr_format": "CIDR",
"ip1": "2001:db8::",
"ip2": "120",
"port_format": "range",
"port1": "65510",
"port2": "65520",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 160,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "VirtualWithOnePhysical",
"is_valid": "yes",
"groups": [
{
"group_name": "TakeMeHome",
"virtual_table": "HTTP_RESPONSE_KEYWORDS",
"not_flag": 0
},
{
"not_flag": 0,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "https://blog.csdn.net/littlefang/article/details/8213058",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 161,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "virtual_table_test_temp",
"is_valid": "yes",
"groups": [
{
"group_name": "vt_grp_http_sig1",
"not_flag": 0,
"regions": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "User-Agent",
"keywords": "Chrome/78.0.3904.108",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"group_name": "vt_grp_http_sig2",
"not_flag": 0,
"regions": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "Cookie",
"keywords": "uid=12345678",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
},
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "Cookie",
"keywords": "sessionid=888888",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 162,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "VirtualWithVirtual",
"is_valid": "yes",
"groups": [
{
"group_name": "vt_grp_http_sig1",
"virtual_table": "HTTP_REQUEST_HEADER",
"not_flag": 0
},
{
"group_name": "vt_grp_http_sig2",
"virtual_table": "HTTP_RESPONSE_HEADER",
"not_flag": 0
}
]
},
{
"compile_id": 163,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "OneGroupInTwoVirtual",
"is_valid": "yes",
"groups": [
{
"group_name": "vt_grp_http_sig2",
"virtual_table": "HTTP_REQUEST_HEADER",
"not_flag": 0
},
{
"group_name": "vt_grp_http_sig2",
"virtual_table": "HTTP_RESPONSE_HEADER",
"not_flag": 0
}
]
},
{
"compile_id": 164,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "CharsetWindows1251",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": ">ЗАО\\b«Севергазвтоматика\\bАйС»<",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 165,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "2.111",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "cavemancircus.com/",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "CIDR",
"ip1": "192.168.23.1",
"ip2": "24",
"port_format": "range",
"port1": "65530",
"port2": "65535",
"protocol": -1
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 166,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "100.233",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27/pretty-girls-6",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 167,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "300.999",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 168,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "0",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 169,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_Any",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "CIDR",
"ip1": "0.0.0.0",
"ip2": "0",
"port_format": "range",
"port1": "64000",
"port2": "64999",
"protocol": 6
}
}
],
"not_flag" : 0
}
]
},
{
"compile_id": 170,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_virtual.source",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_virtual.source",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "CIDR",
"ip1": "192.168.40.10",
"ip2": "32",
"port_format": "range",
"port1": "65531",
"port2": "65535",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 171,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_virtual.destination",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_virtual.destination",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "CIDR",
"ip1": "192.168.231.46",
"ip2": "32",
"port_format": "range",
"port1": "65532",
"port2": "65535",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 172,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_virtual.match",
"is_valid": "yes",
"groups": [
{
"group_name": "ipv4_virtual.source",
"virtual_table": "VIRTUAL_IP_PLUS_SOURCE",
"not_flag": 0
},
{
"group_name": "ipv4_virtual.destination",
"virtual_table": "VIRTUAL_IP_PLUS_DESTINATION",
"not_flag": 0
}
]
},
{
"compile_id": 173,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.source",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.source",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "CIDR",
"ip1": "192.168.40.11",
"ip2": "32",
"port_format": "range",
"port1": "65530",
"port2": "65535",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 174,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.destination",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.destination",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "CIDR",
"ip1": "192.168.231.47",
"ip2": "32",
"port_format": "range",
"port1": "65530",
"port2": "65535",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 175,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.match",
"is_valid": "yes",
"groups": [
{
"group_name": "ipv4_composition.source",
"virtual_table": "COMPOSITION_IP_SOURCE",
"not_flag": 0
},
{
"group_name": "ipv4_composition.destination",
"virtual_table": "COMPOSITION_IP_DESTINATION",
"not_flag": 0
}
]
},
{
"compile_id": 176,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.session",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.session",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "CIDR",
"ip1": "192.168.40.11",
"ip2": "2",
"port_format": "range",
"port1": "65530",
"port2": "65535",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 177,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.session.match",
"is_valid": "yes",
"groups": [
{
"group_name": "ipv4_composition.session",
"virtual_table": "COMPOSITION_IP_SESSION",
"not_flag": 0,
"clause_index": 1
}
]
},
{
"compile_id": 178,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Hierarchy.TwoVirtualInOneClause",
"is_valid": "yes",
"groups": [
{
"group_name": "ASN1234",
"virtual_table": "SOURCE_IP_ASN",
"not_flag": 0,
"clause_index": 0
},
{
"group_name": "financial-department-ip",
"virtual_table": "null",
"not_flag": 0,
"clause_index": 0
},
{
"group_name": "Country-Sparta-IP",
"virtual_table": "SOURCE_IP_GEO",
"not_flag": 0,
"clause_index": 0
},
{
"group_name": "ASN2345",
"virtual_table": "DESTINATION_IP_ASN",
"not_flag": 0,
"clause_index": 1
}
]
},
{
"compile_id": 179,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "INTERGER_PLUS",
"table_type": "interval_plus",
"table_content": {
"district": "interval.plus",
"low_boundary": 2020,
"up_boundary": 2020
}
}
]
}
]
},
{
"compile_id": 180,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "Hierarchy_VirtualWithTwoPhysical",
"is_valid": "yes",
"groups": [
{
"group_name": "FQDN_OBJ1",
"virtual_table": "VIRTUAL_SSL_SNI",
"not_flag": 0,
"clause_index": 0
},
{
"group_name": "FQDN_CAT1",
"virtual_table": "VIRTUAL_SSL_SNI",
"not_flag": 0,
"clause_index": 0
}
]
},
{
"compile_id": 181,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.match",
"is_valid": "yes",
"groups": [
{
"group_name": "IPv4-composition-source-only",
"virtual_table": "COMPOSITION_IP_SOURCE",
"not_flag": 0
}
]
},
{
"compile_id": 182,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "8-expr",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "string1&string2&string3&string4&string5&string6&string7&string8",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 183,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.RegexWithNotContains",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "CORNER_CASE_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "^(?=.*/rain/a/TWF2021042600418000)(?!new.qq.com).*",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 184,
"user_region": "APP_ID=6006740;Liumengyan-Bugreport-20210515",
"description": "Hulu",
"is_valid": "yes",
"do_blacklist": 0,
"do_log": 0,
"action": 0,
"service": 0,
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "IP_CONFIG",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv6",
"addr_format": "mask",
"ip1": "::",
"ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
"port_format": "single",
"port1": "0",
"port2": "0",
"protocol": 0
}
}
]
}
]
},
{
"compile_id": 185,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.NOT_match",
"is_valid": "yes",
"groups": [
{
"group_name": "IPv4-composition-NOT-client-ip",
"virtual_table": "COMPOSITION_IP_SOURCE",
"not_flag": 0
},
{
"group_name": "IPv4-composition-NOT-server-ip",
"virtual_table": "COMPOSITION_IP_DESTINATION",
"not_flag": 1
}
]
},
{
"compile_id": 186,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanHitAtLast",
"is_valid": "yes",
"groups": [
{
"not_flag": 1,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-186",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "single",
"ip1": "10.0.8.186",
"ip2": "10.0.8.186",
"port_format": "single",
"port1": "18611",
"port2": "18611",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 187,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanHitAtLast",
"is_valid": "yes",
"groups": [
{
"not_flag": 1,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-187",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "single",
"ip1": "10.0.8.187",
"ip2": "10.0.8.187",
"port_format": "single",
"port1": "18611",
"port2": "18611",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 188,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanHitAtLast",
"is_valid": "yes",
"groups": [
{
"not_flag": 1,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-188",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "single",
"ip1": "10.0.8.188",
"ip2": "10.0.8.188",
"port_format": "single",
"port1": "18611",
"port2": "18611",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"is_valid": "yes",
"do_log": 0,
"effective_rage": 0,
"action": 0,
"compile_id": 189,
"service": 0,
"do_blacklist": 0,
"user_region": "StringScan.ShouldNotHitExprPlus",
"groups": [
{
"regions": [
{
"table_name": "APP_PAYLOAD",
"table_content": {
"format": "hexbin",
"match_method": "sub",
"district": "tcp.payload.c2s_first_data",
"keywords": "ab00",
"expr_type": "none"
},
"table_type": "expr_plus"
}
],
"group_name": "Untitled"
}
]
},
{
"compile_id": 190,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.ExprPlus",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "我的DistrIct",
"keywords": "addis&sapphire",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 191,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "StringScan.HexBinCaseSensitive",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "54455354",
"expr_type": "none",
"format": "hexbin",
"match_method": "sub"
}
}
],
"group_name": "Untitled"
}
]
},
{
"compile_id": 192,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "flag",
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 1,
"flag_mask": 3
}
}
]
}
]
},
{
"compile_id": 193,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "flag",
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 2,
"flag_mask": 3
}
}
]
},
{
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 194,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "flag",
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 21,
"flag_mask": 31
}
}
]
}
]
},
{
"compile_id": 195,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "I love China",
"keywords": "today&yesterday",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "Monday",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 196,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "flag_plus",
"table_name": "FLAG_PLUS_CONFIG",
"table_content": {
"district": "I love\\bChina",
"flag": 30,
"flag_mask": 14
}
}
]
}
]
},
{
"compile_id": 197,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Something:I\\bhave\\ba\\bname,8866",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hqdefault.jpg",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 198,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Something:I\\bhave\\ba\\bname,7799",
"compile_table_name": "COMPILE_FIREWALL",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"g2c_table_name": "GROUP2COMPILE_FIREWALL",
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "firewall",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 199,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "ExcludeLogic.ScanNotAtLast",
"is_valid": "yes",
"groups": [
{
"group_name": "ExcludeLogicGroup199",
"sub_groups":[
{
"group_name": "ExcludeLogicGroup199_1",
"is_exclude": 0,
"clause_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-199",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"group_name": "ExcludeLogicGroup199_2",
"is_exclude": 1,
"clause_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-199",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
]
},
{
"compile_id": 200,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "ExcludeLogic.OneRegion",
"is_valid": "yes",
"groups": [
{
"group_name": "ExcludeLogicGroup200",
"sub_groups":[
{
"group_name": "ExcludeLogicGroup200_1",
"is_exclude": 0,
"clause_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-200",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"group_name": "ExcludeLogicGroup200_2",
"is_exclude": 1,
"clause_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-200",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
]
},
{
"compile_id": 201,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "ExcludeLogic.ScanNotIP",
"is_valid": "yes",
"groups": [
{
"group_name": "ExcludeLogicGroup201",
"sub_groups":[
{
"group_name": "ExcludeLogicGroup201_1",
"is_exclude": 0,
"clause_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-201",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"group_name": "123_IP_group",
"is_exclude": 1,
"clause_index": 0
}
]
}
]
},
{
"compile_id": 202,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "null",
"is_valid": "yes",
"groups": [
{
"group_name": "ExcludeLogicGroup202",
"virtual_table": "VIRTUAL_IP_PLUS_TABLE",
"clause_index": 0,
"sub_groups":[
{
"group_name": "ExcludeLogicGroup202_1",
"is_exclude": 0,
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "100.64.1.0",
"ip2": "100.64.1.20",
"port_format": "range",
"port1": "5210",
"port2": "5211",
"protocol": 6
}
}
]
},
{
"group_name": "ExcludeLogicGroup202_2",
"is_exclude": 1,
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "100.64.1.6",
"ip2": "100.64.1.10",
"port_format": "range",
"port1": "5210",
"port2": "5211",
"protocol": 6
}
}
]
},
{
"group_name": "ExcludeLogicGroup202_3",
"is_exclude": 1,
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "100.64.1.11",
"ip2": "100.64.1.20",
"port_format": "range",
"port1": "5210",
"port2": "5211",
"protocol": 6
}
}
]
}
]
}
]
},
{
"compile_id": 203,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "null",
"is_valid": "yes",
"groups": [
{
"group_name": "ExcludeLogicGroup203_1",
"virtual_table": "VIRTUAL_IP_PLUS_SOURCE",
"clause_index": 0,
"regions": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.50.43",
"ip2": "192.168.50.43",
"port_format": "range",
"port1": "56168",
"port2": "56168",
"protocol": -1,
"direction": "double"
}
}
]
},
{
"group_name": "ExcludeLogicGroup203_2",
"virtual_table": "VIRTUAL_IP_PLUS_DESTINATION",
"clause_index": 1,
"regions": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "47.92.108.93",
"ip2": "47.92.108.93",
"port_format": "range",
"port1": "443",
"port2": "443",
"protocol": -1,
"direction": "double"
}
}
]
},
{
"group_name": "ExcludeLogicGroup203_3",
"virtual_table": "HTTP_RESPONSE_KEYWORDS",
"clause_index": 2,
"sub_groups": [
{
"group_name": "ExcludeLogicGroup203_3_1",
"is_exclude": 0,
"regions": [
{
"table_type":"expr",
"table_name":"KEYWORDS_TABLE",
"table_content":{
"format":"uncase plain",
"match_method":"suffix",
"keywords":"jianshu.com",
"expr_type":"none"
}
}
]
},
{
"group_name": "ExcludeLogicGroup203_3_2",
"is_exclude": 1,
"regions": [
{
"table_type":"expr",
"table_name":"KEYWORDS_TABLE",
"table_content":{
"format":"uncase plain",
"match_method":"complete",
"keywords":"www.jianshu.com",
"expr_type":"none"
}
}
]
}
]
}
]
},
{
"compile_id": 204,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "null",
"is_valid": "yes",
"groups": [
{
"group_name": "ExcludeLogicGroup204_1",
"virtual_table": "VIRTUAL_IP_PLUS_SOURCE",
"clause_index": 0,
"regions": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "100.64.2.0",
"ip2": "100.64.2.5",
"port_format": "range",
"port1": "56168",
"port2": "56168",
"protocol": -1,
"direction": "double"
}
}
]
},
{
"group_name": "ExcludeLogicGroup204_2",
"virtual_table": "VIRTUAL_IP_PLUS_DESTINATION",
"clause_index": 1,
"regions": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "100.64.2.6",
"ip2": "100.64.2.10",
"port_format": "range",
"port1": "443",
"port2": "443",
"protocol": -1,
"direction": "double"
}
}
]
},
{
"group_name": "ExcludeLogicGroup204_3",
"virtual_table": "HTTP_RESPONSE_KEYWORDS",
"clause_index": 2,
"sub_groups": [
{
"group_name": "ExcludeLogicGroup204_3_1",
"is_exclude": 0,
"sub_groups" : [
{
"group_name": "ExcludeLogicGroup204_3_1_1",
"is_exclude": 0,
"regions": [
{
"table_type":"expr",
"table_name":"KEYWORDS_TABLE",
"table_content":{
"format":"uncase plain",
"match_method":"suffix",
"keywords":"baidu.com",
"expr_type":"none"
}
}
]
},
{
"group_name": "ExcludeLogicGroup204_3_1_2",
"is_exclude": 1,
"regions": [
{
"table_type":"expr",
"table_name":"KEYWORDS_TABLE",
"table_content":{
"format":"uncase plain",
"match_method":"complete",
"keywords":"www.baidu.com",
"expr_type":"none"
}
}
]
}
]
},
{
"group_name": "ExcludeLogicGroup204_3_2",
"is_exclude": 1,
"regions": [
{
"table_type":"expr",
"table_name":"KEYWORDS_TABLE",
"table_content":{
"format":"uncase plain",
"match_method":"complete",
"keywords":"mail.baidu.com",
"expr_type":"none"
}
}
]
}
]
}
]
},
{
"compile_id": 205,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "StringScan.RegexExpressionIllegal",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "123^456",
"expr_type": "regex",
"format": "uncase plain",
"match_method": "sub"
}
}
],
"group_name": "Untitled"
}
]
},
{
"compile_id": 206,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "duplicateRuleFor191",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "54455354",
"expr_type": "none",
"format": "hexbin",
"match_method": "sub"
}
}
],
"group_name": "Untitled"
}
]
},
{
"compile_id": 207,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "duplicateRuleFor192",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "flag",
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 1,
"flag_mask": 3
}
}
]
}
]
},
{
"compile_id": 208,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "duplicateRuleFor154",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "10.0.7.100",
"ip2": "10.0.7.106",
"port_format": "range",
"port1": "65530",
"port2": "65535",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 209,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "duplicateRuleFor179",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "INTERGER_PLUS",
"table_type": "interval_plus",
"table_content": {
"district": "interval.plus",
"low_boundary": 2020,
"up_boundary": 2020
}
}
]
}
]
},
{
"compile_id": 210,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv6_::",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv6",
"addr_format": "CIDR",
"ip1": "::",
"ip2": "0",
"port_format": "range",
"port1": "64000",
"port2": "64999",
"protocol": 6
}
}
],
"not_flag": 0
}
]
}
],
"plugin_table": [
{
"table_name": "QD_ENTRY_INFO",
"table_content": [
"1\t192.168.0.1\t101\t1",
"2\t192.168.0.2\t102\t1",
"3\t192.168.1.1\t103\t1"
]
},
{
"table_name": "TEST_PLUGIN_TABLE",
"table_content": [
"1\t3388\t99\t1",
"2\t3355\t66\t1",
"3\tcccc\t11\t1"
]
},
{
"table_name": "TEST_PLUGIN_EXDATA_TABLE",
"table_content": [
"1\tHeBei\tShijiazhuang\t1\t0",
"2\tHeNan\tZhengzhou\t1\t0",
"3\tShanDong\tJinan\t1\t0",
"4\tShanXi\tTaiyuan\t1\t0"
]
},
{
"table_name": "TEST_EFFECTIVE_RANGE_TABLE",
"table_content": [
"1\tSUCCESS\t99\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}\t1111",
"2\tSUCCESS\t66\t1\t0\t222",
"3\tFAILED\t11\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}\t333",
"4\tSUCCESS\t66\t1\t{}\t444",
"5\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京\"]}]]}\t444",
"6\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"weather\",\"value\":[\"hot\"]}]]}\t444"
]
},
{
"table_name": "IR_INTERCEPT_IP",
"table_content": [
"1000000130\t1000000130\t4\t192.168.10.99\t255.255.255.255\t0\t65535\t0.0.0.0\t255.255.255.255\t0\t65535\t0\t1\t1\t96\t1\tuser_region\t{}\t2019/1/24/18:0:34",
"161\t161\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t61.135.169.121\t255.255.255.255\t0\t65535\t0\t0\t1\t96\t832\t0\t0\t2019/1/24/18:48:42"
]
},
{
"table_name": "TEST_IP_PLUGIN_WITH_EXDATA",
"table_content": [
"101\t4\t192.168.30.99\t192.168.30.101\tSomething-like-json\t1\trange",
"102\t4\t192.168.30.90\t192.168.30.128\tBigger-range-should-in-the-back\t1\trange",
"103\t6\t2001:db8:1234::\t2001:db8:1235::\tBigger-range-should-in-the-back\t1\trange",
"104\t6\t2001:db8:1234::1\t2001:db8:1234::5210\tSomething-like-json\t1\trange",
"105\t6\t2620:100:3000::\t2620:0100:30ff:ffff:ffff:ffff:ffff:ffff\tBugreport-liumengyan-20210517\t1\trange"
]
},
{
"table_name": "TEST_IPPORT_PLUGIN_WITH_EXDATA",
"table_content": [
"101\t4\t192.168.100.1\t0\t255\t1",
"102\t4\t192.168.100.2\t100\t200\t1",
"103\t4\t192.168.100.1\t255\t300\t1",
"104\t6\t2001:db8:1234::5210\t255\t512\t1"
]
},
{
"table_name": "TEST_FQDN_PLUGIN_WITH_EXDATA",
"table_content": [
"201\t0\twww.example1.com\tcatid=1\t1",
"202\t1\t.example1.com\tcatid=1\t1",
"203\t0\tnews.example1.com\tcatid=2\t1",
"204\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1",
"205\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1"
]
},
{
"table_name": "TEST_BOOL_PLUGIN_WITH_EXDATA",
"table_content": [
"301\t1&2&1000\ttunnel1\t1",
"302\t101&102\ttunnel2\t1",
"303\t102\ttunnel3\t1",
"304\t101\ttunnel4\t1",
"305\t0&1&2&3&4&5&6&7\ttunnel5\t1",
"306\t101&101\tinvalid\t1"
]
},
{
"table_name": "TEST_PLUGIN_LONG_KEY_TYPE_TABLE",
"table_content": [
"1\t11111111\tShijiazhuang\t1\t0",
"2\t22222222\tZhengzhou\t1\t0",
"3\t33333333\tJinan\t1\t0",
"4\t44444444\tTaiyuan\t1\t0"
]
},
{
"table_name": "TEST_PLUGIN_INT_KEY_TYPE_TABLE",
"table_content": [
"1\t101\tChina\t1\t0",
"2\t102\tAmerica\t1\t0",
"3\t103\tRussia\t1\t0",
"4\t104\tJapan\t1\t0"
]
},
{
"table_name": "TEST_PLUGIN_IP_KEY_TYPE_TABLE",
"table_content": [
"4\t100.64.1.1\tXiZang\t1\t0",
"4\t100.64.1.2\tXinJiang\t1\t0",
"6\t2001:da8:205:1::101\tGuiZhou\t1\t0",
"6\t1001:da8:205:1::101\tSiChuan\t1\t0",
"7\t100.64.1.3\tQingHai\t1\t0",
"6\t100.64.1.4\tGanSu\t1\t0"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink