{ "rule_table": "PXY_CTRL_RULE", "object2object_table": "OBJECT_GROUP", "rules": [ { "uuid": "40c9c6a7-70a9-48ae-9fba-ec7966edd3c6", "service": 1, "action": "manipulate", "blacklist_option": 1, "log_option": "all", "action_parameter":{"protocol":"DoH","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.abc.com","ttl":{"min":60,"max":300}},{"atype":"A","value":"1.1.1.1","ttl":{"min":60,"max":300}}]},{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"aaaa:ffff:00","ttl":{"min":60,"max":300}},{"atype":"CNAME","value":"abc.com.cn","ttl":{"min":60,"max":300}}]}]}, "is_valid": "yes", "conditions": [ { "attribute_name": "ATTR_DOH_QNAME", "objects": [ { "items": [ { "table_name": "TSG_OBJ_FQDN", "table_type": "expr", "table_content": { "keywords": "www.126.com", "expr_type": "and" } } ] } ] } ] }, { "uuid": "40c9c6a7-70a9-48ae-9fba-ec7966edd3c7", "service": 1, "action": "manipulate", "blacklist_option": 1, "log_option": "all", "action_parameter":{"protocol":"DoH","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.a.shifen.com","ttl":{"min":10,"max":10}},{"atype":"A","value":"182.61.200.6","ttl":{"min":20,"max":30}},{"atype":"A","value":"182.61.200.7","ttl":{"min":60,"max":61}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.taobao.com.danuoyi.tbcache.com","ttl":{"min":100,"max":100}},{"atype":"AAAA","value":"2408:871a:2800:4:3::3fa","ttl":{"min":200,"max":300}},{"atype":"AAAA","value":"2408:871a:2800:2:3::3fa","ttl":{"min":600,"max":310}}]}]}, "is_valid": "yes", "conditions": [ { "attribute_name": "ATTR_DOH_QNAME", "objects": [ { "items": [ { "table_name": "TSG_OBJ_FQDN", "table_type": "expr", "table_content": { "keywords": "www.126.com", "expr_type": "and" } } ] } ] } ] } ], "plugin_table": [ { "table_name": "TSG_PROFILE_TRAFFIC_MIRROR", "table_content": [ {"uuid":"TRAFFIC0-MIRR-0000-0000-000000000001","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1} ] }, { "table_name": "TSG_PROFILE_RESPONSE_PAGES", "table_content": [ {"uuid":"RESPONSE-PAGES-0000-0000-000000000001","profile_name":"404","format":"html","path":"./resource/pangu/policy_file/404.html","is_valid":1,"modified_time":"1716531859000000"} ] }, { "table_name": "PXY_PROFILE_HIJACK_FILES", "table_content": [ {"uuid":"HIJACK-FILES-0000-0000-000000000001","profile_name":"chakanqi","content_name":"chakanqi-947KB.exe","content_type":"application/x-msdos-program","path":"./resource/pangu/policy_file/chakanqi-947KB.exe","is_valid":1,"modified_time":"1716531859000000"} ] }, { "table_name": "PXY_PROFILE_INSERT_SCRIPTS", "table_content": [ {"uuid":"INSERT-SCRIPTS-0000-0000-000000000001","profile_name":"time","format":"js","insert_on":"before_page_load","path":"./resource/pangu/policy_file/time.js","is_valid":1,"modified_time":"1716531859000000"} ] }, { "table_name": "PXY_PROFILE_DECRYPTION", "table_content": [ {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}, {"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1}, {"uuid":"DECRYPT0-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1} ] }, { "table_name": "PXY_INTERCEPT_RULE", "table_content": [ {"uuid":"INTERCEP-0000-0000-0000-000000000001","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirror":{"enable":0}},"is_valid":1}, {"uuid":"INTERCEP-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirror":{"enable":1,"mirror_profile":"TRAFFIC0-MIRR-0000-0000-000000000001"}},"is_valid":1} ] }, { "table_name": "SERVICE_CHAINING_RULE", "table_content": [ {"uuid":"SC000000-0000-0000-1111-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}, {"uuid":"SC000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1} ] }, { "table_name": "PXY_PROFILE_TCP_OPTION", "table_content": [ {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1} ] }, { "table_name": "PXY_SSL_FINGERPRINT", "table_content": [ {"uuid":"JA300000-0000-0000-0000-000000000001","ja3_hash":"599f223c2c9ee5702f5762913889dc21","pinning_state":1,"is_valid":1}, {"uuid":"JA300000-0000-0000-0000-000000000002","ja3_hash":"eb149984fc9c44d85ed7f12c90d818be","pinning_state":1,"is_valid":1}, {"uuid":"JA300000-0000-0000-0000-000000000003","ja3_hash":"e6573e91e6eb777c0933c5b8f97f10cd","pinning_state":1,"is_valid":1} ] }, { "table_name": "APP_ID_DICT", "table_content": [ {"app_id":67,"object_id":201,"app_name":"http","parent_app_id":0,"parent_app_name":null,"category":"general-internet","subcategory":"internet-utility","content":"unknown","risk":"1","characteristics":null,"deny_action":null,"depends_on_app_ids":"null","implicitly_uses_app_ids":"null","continue_scanning":0,"tcp_timeout":120,"udp_timeout":120,"tcp_half_close":0,"tcp_time_wait":0,"is_valid":1,"modified_time":"1716531859000000"}, {"app_id":68,"object_id":68000,"app_name":"https","parent_app_id":0,"parent_app_name":null,"category":"general-internet","subcategory":"internet-utility","content":"unknown","risk":"1","characteristics":null,"deny_action":null,"depends_on_app_ids":"null","implicitly_uses_app_ids":"null","continue_scanning":0,"tcp_timeout":120,"udp_timeout":120,"tcp_half_close":0,"tcp_time_wait":0,"is_valid":1,"modified_time":"1716531859000000"} ] } ] }