Skip to main content

Alarm for HTTPS Protocol Mismatch

This rule returns true and alarms if an application other than HTTPS is detected on port 443.

function Flow_AlarmForHTTPSProtocolMismatch (dpiMsg, ruleEngine)
  require 'LOG'
  if not (IsFinalShortFlow(dpiMsg)) then
    return false
  end
  EZINFO('final flow')
  local port_dst = GetInt(dpiMsg, 'internal', 'destport')
  if port_dst == 443 then
    EZINFO('443')
    local my_application = GetLatestApplication(dpiMsg)
    EZINFO('Application '.. my_application)
    if my_application ~='https' then
      EZWARNING("Protocol Mismatch -" .. my_application .. ' on 443')
      local x = TriggerUserAlarm(dpiMsg, ruleEngine, 'medium')
    end
  end
end
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.