gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
de39bb7b686fbc0893e9303554bc876f2a01fa7a
tango-verify-policy/resource/pangu_http.json
fengweihao faf21bde42 管控策略命中通过版本 
1. 添加安全策略table_info文件
2. 修改管控策略命中问题
3. 安全策略存在无法多命中
2020-01-17 18:57:51 +08:00

324 lines
12 KiB
JSON
Raw Blame History

{
"compile_table": "PXY_CTRL_COMPILE",
"group_table": "PXY_CTRL_GROUP",
"rules": [
{
"compile_id": 1021,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.baidu.com/index.html\"}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.rbc.ru",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1022,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":101}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "bing.com",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1023,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":102}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "pc.wps.cn",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1024,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"比特币\",\"replace_with\":\"硬币\"}]}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "edu.csdn.net/course/detail/6998",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1025,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.wireshark.org/download/win32/WiresharkPortable_2.6.8.paf.exe",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1026,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.downcc.com/ajax.asp",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1027,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":202}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "dldir1.qq.com/foxmail/windows/FoxmailSetup_7.2.10.151.exe",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1028,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":302}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "mirror.hoster.kz/centos",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1029,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"after-page-load\"}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "100wa.com/music",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1030,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"before-page-load\"}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.youku.com",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1031,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)q=([^&|^#]*)(?=&|$)\",\"replace_with\":\"q=find\"},{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)ei=([^&|^#]*)(?=&|$)\",\"replace_with\":\"ei=chaxun\"}]}",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "PXY_CTRL_HTTP_URL",
"table_type": "string",
"table_content": {
"keywords": "www.google.com/search?",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "PXY_PROFILE_RESPONSE_PAGES",
"table_content": [
"101\t404\thtml\t./resource/pangu/policy_file/404.html\t1",
"102\tHTTP403\ttemplate\t./resource/pangu/HTTP403.html\t1"
]
},
{
"table_name": "PXY_PROFILE_HIJACK_FILES",
"table_content": [
"201\tchakanqi\tchakanqi-947KB.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/chakanqi-947KB.exe\t1",
"202\tWPS8648\tWPS8648-132M.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/WPS8648-132M.exe\t1"
]
},
{
"table_name": "PXY_PROFILE_INSERT_SCRIPTS",
"table_content": [
"301\ttime\tjs\t./resource/pangu/policy_file/time.js\tbefore_page_load\t1",
"302\tu1\tcss\t./resource/pangu/policy_file/u1.css\tbefore_page_load\t1",
"303\tu1\tjs\t./resource/pangu/policy_file/alert.js\tbefore_page_load\t1"
]
},
{
"table_name": "TSG_SECURITY_COMPILE",
"table_content": [
"0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
"1\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink