Home Documentation Download Latest Rule File Rule Database Mailing List Contact

Overview

Guardian@JUMPERZ.NET is an open source application layer firewall for HTTP/HTTPS. It works as a reverse proxy server. It analyzes all HTTP/HTTPS traffic against rule-based signatures and protects web servers and web applications from attack. When unauthorized activity is detected, Guardian@JUMPERZ.NET can disconnect the TCP connection before the malicious request reach the web server.

For more details read the Users Manual.





Console Screen Shot:



Documentation

- Users Manual( English ) : HTML  tar.gz
- Users Manual( Japanese ) : HTML  tar.gz


Download

- jumperz_net_083.jar
- guardian_conf.tar.gz


- Users Manual( English )
- Users Manual( Japanese )


Latest Rule File

  Get latest rules in rule file format.


Rule Database

ID Name Type Pattern
GID1 ScanProxy requestUri ^/
GID2 ExecDefaultPlugins(request) requestLine ^
GID3 ExecDefaultPlugins(response) statusLine ^
GID14 PhatBot requestLine ^SEARCH /\x90(\x02\xB1){1000,}
GID19 Nimda requestHeader ^Host: www$
GID4 NopSled(requestLine) requestLine \x90{4}
GID5 NopSled(requestHeader) requestHeader \x90{4}
GID6 NopSled(requestBody) requestBody \x90{4}
GID7 BinaryResponse responseBodyHead [\x00-\x08\x0B\x0E-\x1A\x1C-\x1F]
GID59 NotBinaryResponse ruleGroup GID7
GID60 PDFResponse responseBodyHead ^%PDF
GID61 NotPDFResponse ruleGroup GID60
GID8 TextResponse ruleGroup GID59 + GID61
GID9 BufferOverflow(URI) requestUri .{300}
GID10 BufferOverflow(requestLine) requestLine .{300}
GID58 BufferOverflow(requestHeader) requestHeader .{300}
GID11 NullByte(requestLine) requestLine \x00
GID37 %00(requestLine) requestLine %00
GID12 NullByte(requestHeader) requestHeader \x00
GID13 NullByte(requestBody) requestBody \x00
GID15 PHPErrorMessage responseBodyLine <b>(Warning|Fatal error)</b>:
GID16 Exploit(requestLine) requestLine [\x00-\x1F\x7F-\xFF]
GID36 Exploit(requestUri) requestUri [\x00-\x1F&&[^\x09\x0A\x0D\x1B]]
GID17 Exploit(requestHeader) requestHeader [\x00-\x1F\x7F-\xFF]
GID18 DirectoryTraversal(requestUri) requestUri \.\./
GID41 DirectoryTraversal(requestHeader) requestHeader \.\./
GID42 DirectoryTraversal(requestBody) decodedRequestBody \.\./
GID21 ChunkedEncoding requestHeader ^Transfer-Encoding: {0,}chunked$
GID22 AbnormalMethod requestLine ^(GET|POST|HEAD)
GID23 Sumthin requestUri ^/sumthin$
GID33 FrontPage requestUri ^/_vti_bin/
GID24 WindowsExtension requestUriPath \.(com|exe|dll|ida)$
GID25 AbnormalHTTPVersion requestLine HTTP/1\.(0|1)$
GID26 Exploit(requestBody) requestBody [^-/~=&+*._@%0-9a-zA-Z]
GID27 HTTP1.1 requestLine HTTP/1\.1$
GID28 NoHost requestHeader ^Host:
GID29 NoHostHTTP1.1 ruleGroup GID27 + GID28
GID30 basicAuthenticationRequest requestHeader ^Authorization: {0,}Basic
GID31 401Response statusLine 401
GID32 LoginFailure ruleGroup GID30 + GID31
GID34 UnixFileAccess(requestUri) requestUri /(bin|usr|etc|proc|opt|sbin|local|dev|tmp|kern|boot|root|sys)/
GID35 UnixFileAccess(requestBody) decodedRequestBody /(bin|usr|etc|proc|opt|sbin|local|dev|tmp|kern|boot|root|sys)/
GID38 XSS paramValue (script|\.cookie)
GID20 SQLInjection paramValue ^'$
GID43 SQLInjection(UNION) paramValue UNION
GID44 SQLInjection(GROUP_BY) paramValue GROUP\W{1,}BY
GID45 SQLInjection(ORDER_BY) paramValue ORDER\W{1,}BY
GID46 SQLInjection(--) paramValue --
GID47 SQLInjection(1=1) paramValue [0-9]{1,}\W{0,}=\W{0,}[0-9]{1,}
GID48 SQLInjection(HAVING) paramValue HAVING
GID49 SQLInjection(SELECT_FROM) paramValue SELECT.*FROM
GID50 SQLInjection(INSERT_INTO) paramValue INSERT\W{1,}INTO
GID51 SQLInjection(CREATE_TABLE) paramValue CREATE\W{1,}TABLE
GID52 SQLInjection(SELECT_COUNT) paramValue SELECT\W{1,}COUNT
GID53 Semicolon paramValue ;
GID54 AbnormalStatusCode statusLine (2|3)[0-9]{2}|404|401
GID55 SQLInjection(ODBC_Error) responseBodyLine Microsoft OLE DB Provider for ODBC Drivers
GID56 SQLInjection(WHERE_LIKE) paramValue WHERE.*LIKE
GID57 SQLInjection(DELETE_FROM) paramValue DELETE\W{1,}FROM
GID62 %00(requestBody) requestBody %00
GID63 SQLInjection(UPDATE_SET) paramValue UPDATE.*\W+SET\W+



Scutum SaaS/ASP型WAFサービス 【スキュータム】Copyright 1998-2009 JUMPERZ.NET All Rights Reserved.