1

I'm currently setting up a server for a customer and they require the Stingray traffic managers application firewall to be active as an additional layer of protection.

They're however wanting to allow any FTP traffic between the sizes of 500mb to 600mb straight through to the server and avoid the Application Firewall completely as to not be an additional drain on resources.

I've managed to find that the 'RequestWhitelist' parameter can be used within these rules by looking through the user manual (Page 55 if anyone's interested), however I'm having issues implementing this as I'm not too sure what type of syntax to use for this rule.

Also, forgive me if this is a basic question, however I didn't think it was possible to set a rule dependant on size, due to the fact that each packet will be only a few KB in size. However I can see that there is 'enforcer_max_body_size' within the WAF that will deny any requests with a body larger than X amount, however not sure where this would be picked up from and how I could use this within my rule.

Has anyone else had to configure anything like this within Stingray?

JackWhiteIII
  • 1,388
  • 2
  • 11
  • 25
Shneebs
  • 11
  • 1
  • A network level device is not going to have any idea how big a file being transferred is - it only sees packets that are less than the link's MTU - 1500 bytes for ethernet, possibly up to 8KB or so for gigabit or faster networks... Looking at the first few packets of a transfer and somehow deciding whether the total transfer is going to be in your specific range is going to be difficult - an FTP protocol analyzer might be able to do it, if the head of the transfer includes the file size somehow, but I'm not clear on whether that's universally true... – twalberg Jun 22 '15 at 18:17

0 Answers0