Closed gatsukito closed 4 years ago
Am I right that:
Please provide from your ioc2rpz.conf file the following lines:
Depending on the results I may move it from ioc2rpz.gui to ioc2rpz
Yes, I am using a source with this link: https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt and it contains "yellowcabnc.com"
My whitelist contains "yellowcabnc.com"
And also my RPZ configuration has checked the white list.
Finally, this is my ioc2rpz.conf config:
% whitelist record: name, path, regex
{whitelist,{"whitelist_1","file:/opt/ioc2rpz/cfg/whitelist1.txt",none}}.
% source record: name, axfr_path, ixfr_path, regex
{source,{"dns-bh","http://mirror1.malwaredomains.com/files/spywaredomains.zones","[:AXFR:]","^zone \"([A-Za-z0-9\-\._]+)\".*$"}}.
{source,{"notracking_hosts","https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt","[:AXFR:]","^0\.0\.0\.0 ([A-Za-z0-9\._\-]+[A-Za-z])$"}}.
{source,{"notracking_domains","https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt","[:AXFR:]","^address=\/([A-Za-z0-9\._\-]+[A-Za-z])\/0\.0\.0\.0$"}}.
{source,{"conficker","https://data.netlab.360.com/feeds/dga/conficker.txt","[:AXFR:]","^(?!host)(?!ip)\"?\'?([A-Za-z0-9][A-Za-z0-9\-\._]+)[^A-Za-z0-9\-\._]*.*$"}}.
% rpz record: name, SOA refresh, SOA update retry, SOA expiration, SOA NXDomain TTL, Cache, Wildcards, Action, [tkeys], ioc_type, AXFR_time, IXFR_time, [sources], [notify], [whitelists]
{rpz,{"dns-bh.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["dns-bh"],["127.0.0.1"],["whitelist_1"]}}.
{rpz,{"notracking.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["notracking_hosts","notracking_domains"],[],["whitelist_1"]}}.
{rpz,{"conficker.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["conficker"],[],["whitelist_1"]}}.
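A local check for the configuration above, as an added example that is not part of the original thread and is not ioc2rpz's own code: it applies the `notracking_domains` regex from the config to constructed feed lines and then drops whitelisted names, which helps separate a regex or whitelist-file mistake from a bug in the tool. The sample feed and whitelist contents, the function names, and the exact, case-insensitive whitelist match are assumptions.

```python
import re

# Regex copied from the "notracking_domains" source record, as a Python raw string.
SOURCE_REGEX = r"^address=\/([A-Za-z0-9\._\-]+[A-Za-z])\/0\.0\.0\.0$"

# Constructed sample feed in the line format the regex expects (not real feed data).
SAMPLE_FEED = """\
# constructed sample
address=/yellowcabnc.com/0.0.0.0
address=/ads.example.net/0.0.0.0
address=/tracker.example.org/::
address=/Example.COM/0.0.0.0
"""

# Constructed whitelist file content: one name per line.
SAMPLE_WHITELIST = """\
yellowcabnc.com
"""

def extract_indicators(feed_text, pattern):
    """Return the first capture group of every feed line the source regex matches."""
    rx = re.compile(pattern)
    found = []
    for line in feed_text.splitlines():
        m = rx.match(line.strip())
        if m:
            found.append(m.group(1).lower())
    return found

def load_whitelist(text):
    """Parse whitelist lines into a set, skipping blanks and '#' comments."""
    names = (line.strip().lower().rstrip(".") for line in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

def apply_whitelist(indicators, whitelist):
    """Assumed semantics: an indicator is dropped only on an exact name match."""
    kept = [d for d in indicators if d not in whitelist]
    dropped = [d for d in indicators if d in whitelist]
    return kept, dropped

if __name__ == "__main__":
    iocs = extract_indicators(SAMPLE_FEED, SOURCE_REGEX)
    kept, dropped = apply_whitelist(iocs, load_whitelist(SAMPLE_WHITELIST))
    print("extracted:", iocs)
    print("kept for the zone:", kept)
    print("removed by whitelist:", dropped)
```

If a whitelisted name shows up under "removed by whitelist" here but is still answered with NXDOMAIN from the served zone, the regex and whitelist file are not the cause.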
Thanks for reporting! I've fixed the bug in the "dev" branch. I'll need to make a few tests before moving it to the "master" branch.
Thank you. ioc2rpz is a big tool and I love it.
Thanks! I've pushed the patch to the master branch.
Steps
How can I make the whitelist allow me to make an HTTP request to "yellowcabnc.com"?