""ET POLICY Possible Psiphon Proxy Tool traffic""
SID: 2022679
Revision: 3
Class Type: policy-violation
Metadata: created_at 2016_03_28, updated_at 2016_03_30
Reference:
-
md5
-
a050a1e9fa0fe0e01cfbf14ead388c4e
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "POST"
-
Value: "Content-Length|3a|"
-
Value: "Content-Type|3a 20|application/octet-stream|0d 0a|"
-
Value: "Accept-Encoding|3a| gzip"
-
Value: !"User-Agent|3a 20|"
-
Value: !"Referer|3a|"
-
Value: !"Connection"
-
Value: !"Cache-Control"
-
Value: !"Accept|3a 20|"
-
Value: "Cookie|3a 20|"
Within:
PCRE: "/^[A-Z]=(?:[A-Za-z0-9+/])+=?=?\r\n/R"
Special Options:
-
http_method
-
http_header
-
http_header
-
nocase
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header