|
|
|||||||
| Home | Documentation | Download | Latest Rule File | Rule Database | Mailing List | Contact | ||
Overview
Guardian@JUMPERZ.NET is an open source application layer firewall for HTTP/HTTPS. It works as a reverse proxy server. It analyzes all HTTP/HTTPS traffic against rule-based signatures and protects web servers and web applications from attack. When unauthorized activity is detected, Guardian@JUMPERZ.NET can disconnect the TCP connection before the malicious request reach the web server.For more details read the Users Manual.
Console Screen Shot:
Documentation
- Users Manual( English ) : HTML tar.gz- Users Manual( Japanese ) : HTML tar.gz
Download
- jumperz_net_083.jar- guardian_conf.tar.gz
- Users Manual( English )
- Users Manual( Japanese )
Latest Rule File
Get latest rules in rule file format.Rule Database
| ID | Name | Type | Pattern |
| GID1 | ScanProxy | requestUri | ^/ |
| GID2 | ExecDefaultPlugins(request) | requestLine | ^ |
| GID3 | ExecDefaultPlugins(response) | statusLine | ^ |
| GID14 | PhatBot | requestLine | ^SEARCH /\x90(\x02\xB1){1000,} |
| GID19 | Nimda | requestHeader | ^Host: www$ |
| GID4 | NopSled(requestLine) | requestLine | \x90{4} |
| GID5 | NopSled(requestHeader) | requestHeader | \x90{4} |
| GID6 | NopSled(requestBody) | requestBody | \x90{4} |
| GID7 | BinaryResponse | responseBodyHead | [\x00-\x08\x0B\x0E-\x1A\x1C-\x1F] |
| GID59 | NotBinaryResponse | ruleGroup | GID7 |
| GID60 | PDFResponse | responseBodyHead | |
| GID61 | NotPDFResponse | ruleGroup | GID60 |
| GID8 | TextResponse | ruleGroup | GID59 + GID61 |
| GID9 | BufferOverflow(URI) | requestUri | .{300} |
| GID10 | BufferOverflow(requestLine) | requestLine | .{300} |
| GID58 | BufferOverflow(requestHeader) | requestHeader | .{300} |
| GID11 | NullByte(requestLine) | requestLine | \x00 |
| GID37 | %00(requestLine) | requestLine | %00 |
| GID12 | NullByte(requestHeader) | requestHeader | \x00 |
| GID13 | NullByte(requestBody) | requestBody | \x00 |
| GID15 | PHPErrorMessage | responseBodyLine | <b>(Warning|Fatal error)</b>: |
| GID16 | Exploit(requestLine) | requestLine | [\x00-\x1F\x7F-\xFF] |
| GID36 | Exploit(requestUri) | requestUri | [\x00-\x1F&&[^\x09\x0A\x0D\x1B]] |
| GID17 | Exploit(requestHeader) | requestHeader | [\x00-\x1F\x7F-\xFF] |
| GID18 | DirectoryTraversal(requestUri) | requestUri | \.\./ |
| GID41 | DirectoryTraversal(requestHeader) | requestHeader | \.\./ |
| GID42 | DirectoryTraversal(requestBody) | decodedRequestBody | \.\./ |
| GID21 | ChunkedEncoding | requestHeader | ^Transfer-Encoding: {0,}chunked$ |
| GID22 | AbnormalMethod | requestLine | ^(GET|POST|HEAD) |
| GID23 | Sumthin | requestUri | ^/sumthin$ |
| GID33 | FrontPage | requestUri | ^/_vti_bin/ |
| GID24 | WindowsExtension | requestUriPath | \.(com|exe|dll|ida)$ |
| GID25 | AbnormalHTTPVersion | requestLine | HTTP/1\.(0|1)$ |
| GID26 | Exploit(requestBody) | requestBody | [^-/~=&+*._@%0-9a-zA-Z] |
| GID27 | HTTP1.1 | requestLine | HTTP/1\.1$ |
| GID28 | NoHost | requestHeader | ^Host: |
| GID29 | NoHostHTTP1.1 | ruleGroup | GID27 + GID28 |
| GID30 | basicAuthenticationRequest | requestHeader | ^Authorization: {0,}Basic |
| GID31 | 401Response | statusLine | 401 |
| GID32 | LoginFailure | ruleGroup | GID30 + GID31 |
| GID34 | UnixFileAccess(requestUri) | requestUri | /(bin|usr|etc|proc|opt|sbin|local|dev|tmp|kern|boot|root|sys)/ |
| GID35 | UnixFileAccess(requestBody) | decodedRequestBody | /(bin|usr|etc|proc|opt|sbin|local|dev|tmp|kern|boot|root|sys)/ |
| GID38 | XSS | paramValue | (script|\.cookie) |
| GID20 | SQLInjection | paramValue | ^'$ |
| GID43 | SQLInjection(UNION) | paramValue | UNION |
| GID44 | SQLInjection(GROUP_BY) | paramValue | GROUP\W{1,}BY |
| GID45 | SQLInjection(ORDER_BY) | paramValue | ORDER\W{1,}BY |
| GID46 | SQLInjection(--) | paramValue | -- |
| GID47 | SQLInjection(1=1) | paramValue | [0-9]{1,}\W{0,}=\W{0,}[0-9]{1,} |
| GID48 | SQLInjection(HAVING) | paramValue | HAVING |
| GID49 | SQLInjection(SELECT_FROM) | paramValue | SELECT.*FROM |
| GID50 | SQLInjection(INSERT_INTO) | paramValue | INSERT\W{1,}INTO |
| GID51 | SQLInjection(CREATE_TABLE) | paramValue | CREATE\W{1,}TABLE |
| GID52 | SQLInjection(SELECT_COUNT) | paramValue | SELECT\W{1,}COUNT |
| GID53 | Semicolon | paramValue | ; |
| GID54 | AbnormalStatusCode | statusLine | (2|3)[0-9]{2}|404|401 |
| GID55 | SQLInjection(ODBC_Error) | responseBodyLine | Microsoft OLE DB Provider for ODBC Drivers |
| GID56 | SQLInjection(WHERE_LIKE) | paramValue | WHERE.*LIKE |
| GID57 | SQLInjection(DELETE_FROM) | paramValue | DELETE\W{1,}FROM |
| GID62 | %00(requestBody) | requestBody | %00 |
| GID63 | SQLInjection(UPDATE_SET) | paramValue | UPDATE.*\W+SET\W+ |