James3
New Member
July 14, 2024
Question

What is the Difference Between IPS and APP?

  • July 14, 2024
  • 1 reply
  • 784 views

I am currently exploring the differences between IPS and APP, specifically in the context of securing HTTPS servers. Here is my rule for testing:

    # For APP: working well on HTTP, but a lot of IPs are not blocked on HTTPS.
    F-SBID(--name "Http 403"; --pattern "403 forbidden"; --protocol tcp; --no_case; --flow from_server;)

    # For IPS: both HTTP and HTTPS are working well.
    F-SBID(--name "Http 403"; --pattern "403 forbidden"; --protocol tcp; --no_case; --flow from_server,reversed;)

1. IPS and APP can use the same syntax. If I want to protect an HTTPS server, should I use IPS or APP?

2. Are there any more details about IPS and APP?

3. It looks like APP has an issue with HTTPS traffic; maybe it is a bug?

1 reply

AEK
SuperUser
July 14, 2024

Hope this bit of info can help:

  • IPS and App signatures are basically similar, with the same syntax, and work in the same way
  • You use App signature to recognize the application behind the traffic, and you use IPS to recognize the attack (and block it if configured so)
AEK