X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fanalysisd%2Fcompiled_rules%2Fgeneric_samples.c;fp=src%2Fanalysisd%2Fcompiled_rules%2Fgeneric_samples.c;h=9aae6bebc0986005d23f53e277945109c1fa5ffb;hp=8e05341b1cfc51c6a4b4263b547328524d4d6a31;hb=a62b46c229549212d536867b7e5e24d7576ebe8b;hpb=d623b82886b9b5fbba3fa27c3bfac51f3f8af108
diff --git a/src/analysisd/compiled_rules/generic_samples.c b/src/analysisd/compiled_rules/generic_samples.c
index 8e05341..9aae6be 100644
--- a/src/analysisd/compiled_rules/generic_samples.c
+++ b/src/analysisd/compiled_rules/generic_samples.c
@@ -1,11 +1,11 @@
-/* @(#) $Id: generic_samples.c,v 1.2 2009/06/24 17:06:23 dcid Exp $ */
+/* @(#) $Id$ */
 /* Copyright (C) 2009 Trend Micro Inc.
 * All rights reserved.
 *
 * This program is a free software; you can redistribute it
 * and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
 * Foundation.
 *
 * License details at the LICENSE file included with OSSEC or
@@ -129,5 +129,54 @@ void *comp_mswin_targetuser_calleruser_diff(Eventinfo *lf)
 }
+/* Example 4:
+ * Checks if a HTTP request is a simple GET/POST without a query.
+ * This avoid that we call the attack rules for no reason.
+ */
+void *is_simple_http_request(Eventinfo *lf)
+{
+
+ /* Simple GET / request. */
+ if(strcmp(lf->url,"/") == 0)
+ {
+ return(lf);
+ }
+
+
+ /* Simple request, no query. */
+ if(!strchr(lf->url,'?'))
+ {
+ return(lf);
+ }
+
+
+ /* In here, we have an additional query to be checked. */
+ return(NULL);
+}
+
+
+/* Example 5:
+ * Checks if the source ip is from a valid bot.
+ */
+void *is_valid_crawler(Eventinfo *lf)
+{
+ if((strncmp(lf->log, "66.249.",7) == 0)|| /* Google bot */
+ (strncmp(lf->log, "72.14.",6) == 0)|| /* Feedfetcher-Google */
+ (strncmp(lf->log, "209.85.",7) == 0)|| /* Feedfetcher-Google */
+ (strncmp(lf->log, "65.55.",6) == 0)|| /* MSN/Bing */
+ (strncmp(lf->log, "207.46.",7) == 0)|| /* MSN/Bing */
+ (strncmp(lf->log, "74.6.",5) == 0)|| /* Yahoo */
+ (strncmp(lf->log, "72.30.",6) == 0)|| /* Yahoo */
+ (strncmp(lf->log, "67.195.",7) == 0) /* Yahoo */
+ )
+ {
+ return(lf);
+ }
+
+ return(NULL);
+}
+
+
+
 /* END generic samples. */
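Review bot: Both new functions dereference decoder-filled pointer fields without a NULL check — `strcmp(lf->url,"/")` and `strchr(lf->url,'?')` in is_simple_http_request, and the `strncmp(lf->log, ...)` chain in is_valid_crawler — so an event whose decoder left `url` (or `log`) unset makes analysisd dereference NULL; a guard at the top of each function such as `if(lf->url == NULL) { return(NULL); }` (and the same for `lf->log`) fails closed, so the attack rules still run for that event. Separately, is_valid_crawler grants "valid bot" status by matching address prefixes against the first bytes of the raw `lf->log` rather than a decoded source-address field, so it only holds when the log format places the client address first, and any log line an attacker can make start with `66.249.` (a custom LogFormat, or a logged X-Forwarded-For value) is exempted from the attack rules; if the decoder populates a separate source-ip field for these events, comparing against that field is the safer choice. The entries are also plain string prefixes rather than CIDR ranges — `72.14.` accepts all of 72.14.0.0/16 — and crawler address lists drift, so the header comment should state that this is a snapshot of the ranges at the time of writing to be maintained by the operator, or the check should be replaced by reverse/forward DNS confirmation of the crawler hostname.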