gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

管控策略命中通过版本

Browse Source 
1. 添加安全策略table_info文件
2. 修改管控策略命中问题
3. 安全策略存在无法多命中
This commit is contained in:
fengweihao
2020-01-17 18:57:51 +08:00
parent 7740e213da
commit faf21bde42
7 changed files with 467 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

323
resource/pangu_http.json Normal file
View File

@@ -0,0 +1,323 @@
{
"compile_table": "PXY_CTRL_COMPILE",
"group_table": "PXY_CTRL_GROUP",
"rules": [
{
"compile_id": 1021,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.baidu.com/index.html\"}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.rbc.ru",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1022,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":101}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "bing.com",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1023,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":102}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "pc.wps.cn",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1024,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"比特币\",\"replace_with\":\"硬币\"}]}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "edu.csdn.net/course/detail/6998",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1025,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.wireshark.org/download/win32/WiresharkPortable_2.6.8.paf.exe",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1026,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.downcc.com/ajax.asp",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1027,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":202}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "dldir1.qq.com/foxmail/windows/FoxmailSetup_7.2.10.151.exe",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1028,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":302}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "mirror.hoster.kz/centos",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1029,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"after-page-load\"}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "100wa.com/music",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1030,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"before-page-load\"}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.youku.com",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1031,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)q=([^&|^#]*)(?=&|$)\",\"replace_with\":\"q=find\"},{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)ei=([^&|^#]*)(?=&|$)\",\"replace_with\":\"ei=chaxun\"}]}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.google.com/search?",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "PXY_PROFILE_RESPONSE_PAGES",
"table_content": [
"101\t404\thtml\t./resource/pangu/policy_file/404.html\t1",
"102\tHTTP403\ttemplate\t./resource/pangu/HTTP403.html\t1"
]
},
{
"table_name": "PXY_PROFILE_HIJACK_FILES",
"table_content": [
"201\tchakanqi\tchakanqi-947KB.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/chakanqi-947KB.exe\t1",
"202\tWPS8648\tWPS8648-132M.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/WPS8648-132M.exe\t1"
]
},
{
"table_name": "PXY_PROFILE_INSERT_SCRIPTS",
"table_content": [
"301\ttime\tjs\t./resource/pangu/policy_file/time.js\tbefore_page_load\t1",
"302\tu1\tcss\t./resource/pangu/policy_file/u1.css\tbefore_page_load\t1",
"303\tu1\tjs\t./resource/pangu/policy_file/alert.js\tbefore_page_load\t1"
]
},
{
"table_name": "TSG_SECURITY_COMPILE",
"table_content": [
"0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
"1\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2"
]
}
]
}

47
resource/table_info.conf
View File

@@ -15,35 +15,18 @@
#
#For expr/expr_plus Table
#id name type src_charset dst_charset do_merge cross_cache quick_mode
0 PXY_CTRL_COMPILE compile escape --
1 GROUP_COMPILE_RELATION group --
2 TSG_OBJ_IP_ADDR ip_plus ---
3 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
4 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
5 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
5 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
6 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
7 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
8 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
9 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
10 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
14 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
15 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
16 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
17 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
18 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
19 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
20 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
21 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
22 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
23 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
24 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
25 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
26 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
27 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
28 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
0 PXY_CTRL_COMPILE compile escape --
1 GROUP_COMPILE_RELATION group --
2 TSG_OBJ_IP_ADDR ip_plus ---
3 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
4 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
5 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
5 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
6 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
7 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
8 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
9 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
10 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon

42
resource/tsg_static_tableinfo.conf Normal file
View File

@@ -0,0 +1,42 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickon or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 TSG_SECURITY_COMPILE compile escape --
1 GROUP_COMPILE_RELATION group UTF8 UTF8 no 0
2 TSG_OBJ_IP_ADDR ip_plus UTF8 UTF8 no 0
3 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0
4 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
5 TSG_OBJ_URL expr UTF8 UTF8/GBK yes 0
6 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0
6 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0
7 TSG_OBJ_KEYWORDS expr UTF8 UTF8/GBK yes 0
8 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0
9 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0
10 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
11 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
12 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
13 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
14 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
15 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
16 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
17 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
18 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
19 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
20 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
21 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
22 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
23 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
24 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
25 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
26 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
30 FW_PROFILE_DNS_RECORDS plugin {"key":1,"valid":5} --