# Static URL filter table 1, referenced by the web filter profile below.
# Entry 1 lets the ACME HTTP-01 challenge path for ems.testdomain.at through
# ("monitor" = allow and log); entry 2 is a regex catch-all that blocks
# everything else. The allow-list effect depends on entry 1 being matched
# before entry 2 — entries are presumably evaluated in ID order, verify on the
# target FortiOS release before reordering or inserting entries.
config webfilter urlfilter
    edit 1
        set name "URL_EMS-LE-SECURITY"
        config entries
            # Host-specific wildcard allow for the challenge path only (the
            # trailing "*" covers the per-challenge token).
            # NOTE(review): "monitor" lets the request continue to any later
            # web-filter checks and logs it; "allow" would exempt it from further
            # web-filter checks — confirm monitor is the intended action.
            edit 1
                set url "ems.testdomain.at/.well-known/acme-challenge/*"
                set type wildcard
                set action monitor
            next
            # Catch-all: ".*" as a regex matches any URL, so every request not
            # matched by entry 1 is blocked (default-deny).
            edit 2
                set url ".*"
                set type regex
                set action block
            next
        end
    next
end
# Web filter profile that binds URL filter table 1 (URL_EMS-LE-SECURITY) and
# disables FortiGuard category filtering, so the static URL filter table is the
# only web-filter decision configured here. Note the profile comment says
# "only allows", while the table's allow entry uses "monitor" (allow + log).
# Indentation in the ftgd-wf section below is tab-based while the rest of the
# file uses spaces — cosmetic only, the CLI parser ignores leading whitespace.
config webfilter profile
    edit "WF_EMS-LE-SECURITY"
        set comment "Web Filter profile that only allows ACME challenges, created by Exclusive Networks"
        config web
            # Must match the "edit 1" ID of the urlfilter table above; a stale
            # ID here would silently drop the allow-list.
            set urlfilter-table 1
        end
		config ftgd-wf
			# FortiGuard web categories are not consulted for this profile.
			set options ftgd-disable
		end
    next
end
# WAF profile consisting of HTTP method enforcement only — no signature or
# constraint sections are configured in this block. Method policy 1 restricts
# the ACME challenge path to GET from any source address.
# NOTE(review): `set default-allowed-methods others` applies to requests that
# do not match method-policy 1; "others" permits non-standard methods there
# while denying GET/POST/etc. Confirm that is intended (rather than an empty
# default set) so that unmatched paths do not accept arbitrary methods.
config waf profile
    edit "WAF_EMS-LE-SECURITY"
		set comment "Web Application Firewall profile that only allows ACME challenges using HTTP GET, created by Exclusive Networks"
        config method
            set status enable
            set default-allowed-methods others
            config method-policy
                # Only GET is allowed on the challenge path; the pattern is
                # matched as a URL pattern — how it anchors (prefix vs. regex)
                # depends on the FortiOS release, verify before relying on it.
                edit 1
                    set pattern "/.well-known/acme-challenge/"
                    set address "all"
                    set allowed-methods get
                next
            end
        end
    next
end
# Application control list: unknown applications are blocked and logged, and
# "other" (unlisted) applications are logged. Entry 1 passes a single
# application signature by numeric ID; entry 2 covers a set of categories.
# Network Protocol Enforcement (default-network-services) additionally expects
# only HTTP on TCP port 80.
config application list
    edit "APP_EMS-LE-SECURITY"
		set comment "Application Control profile that only allows HTTP.BROWSER with Network Protocol Enforcement, created by Exclusive Networks"
        set other-application-log enable
        set unknown-application-action block
        set unknown-application-log enable
        config entries
            # Application ID 15893 is not self-describing; the profile comment
            # says HTTP.BROWSER — confirm the ID maps to that signature on the
            # target release. Entry 1 precedes entry 2, so the pass decision is
            # presumably taken before the category entry is evaluated.
            edit 1
                set application 15893
                set action pass
            next
            # Category list with no explicit `set action`; it relies on the
            # entry default. NOTE(review): state the action explicitly (e.g.
            # `set action block`) so the intent survives a change of defaults.
            edit 2
                set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 29 30 31 32 36
            next
        end
        set control-default-network-services enable
        config default-network-services
            # Only HTTP is expected on port 80. No violation-action is set
            # here, so the entry default applies — verify what that default is
            # on the target release.
            edit 1
                set port 80
                set services http
            next
        end
    next
end
# IPS sensor, narrow variant: signature filters scoped to server-side, HTTP,
# Linux, Apache. Entry 1 (medium/high/critical) blocks; entry 2 (low) sets no
# action and so inherits the entry default (presumably each signature's own
# recommended action) while still logging packets and attack context.
# Malicious-URL blocking and botnet-connection blocking are on for both
# severities. Compare with IPS_EMS-LE-SECURITY-WIDE below, which drops the
# protocol/OS/application narrowing.
config ips sensor
    edit "IPS_EMS-LE-SECURITY-GRANULAR"
		set comment "Intrusion Prevention profile that includes signatures for Linux Apache servers using HTTP, created by Exclusive Networks"
        set block-malicious-url enable
        set scan-botnet-connections block
        set extended-log enable
        config entries
            # Blocking filter for the higher severities, with packet capture
            # and attack context for forensics.
            edit 1
                set location server
                set severity medium high critical
                set protocol HTTP
                set os Linux
                set application Apache
                set log-packet enable
                set log-attack-context enable
                set action block
            next
            # Low-severity filter: same scope and logging, no explicit action.
            # NOTE(review): make the action explicit if "detect only" is the
            # intent, so it does not depend on per-signature defaults.
            edit 2
                set location server
                set severity low
                set protocol HTTP
                set os Linux
                set application Apache
                set log-packet enable
                set log-attack-context enable
            next
        end
    next
end
# IPS sensor, wide variant: same severity split, logging and botnet/URL
# settings as IPS_EMS-LE-SECURITY-GRANULAR, but the filters are scoped only to
# server-side signatures — no protocol, OS or application narrowing — so it
# matches a much larger signature set. Entry 2 (low) again has no explicit
# action and inherits the entry default.
config ips sensor
    edit "IPS_EMS-LE-SECURITY-WIDE"
		set comment "Intrusion Prevention profile that includes signatures for servers, created by Exclusive Networks"
        set block-malicious-url enable
        set scan-botnet-connections block
        set extended-log enable
        config entries
            # Block all server-side medium/high/critical signatures, with
            # packet capture and attack context.
            edit 1
                set location server
                set severity medium high critical
                set log-packet enable
                set log-attack-context enable
                set action block
            next
            # Low-severity server-side signatures: logging only is configured;
            # the action is whatever the entry default resolves to.
            # NOTE(review): set the action explicitly to pin the intent.
            edit 2
                set location server
                set severity low
                set log-packet enable
                set log-attack-context enable
            next
        end
    next
end