Adding or Deleting a Custom Blacklist Rule Using the CLI

Use the CLI commands in this topic to add a rule to a custom blacklist or to delete a rule from a custom blacklist. You can add up to 10,000 blacklist entries to the appliance database.

To add rules to a custom blacklist:

  1. Go to CLI configuration mode.

    hostname > enable
hostname # configure terminal

  2. Specify the type of rule to add to a custom blacklist.

    • To add the blacklist rule based on the SHA-256 hash file and the associated SHA-256 signature:

      hostname (config) # analysis custom blacklist sha256 <sha256> signature <sha256_signature>

    • To add the blacklist rule based on the URL:

      hostname (config) # analysis custom blacklist url <URL>
  3. Verify that the specified SHA-256 hash file and the associated SHA-256 signature are added to the custom blacklist.
    4. hostname (config) # show analysis custom blacklist
  4. Verify that the specified URLs are added to the custom blacklist.
    5. hostname (config) # show analysis custom blacklist urls

  5. Save your changes.

    hostname (config) # write memory

Examples

This example adds the URL "http://jx60-glj-4yl7.iur.trade/index/207.php" to a custom blacklist:

hostname (config) # analysis custom blacklist url http://jx60-glj-4yl7.iur.trade/index/207.php
hostname # show analysis custom blacklist urls
Successfully fetched url
Custom Blacklist URLs:
  URL: Signature Name
  http://jx60-glj-4yl7.iur.trade/index/207.php?M=19217077!N=232!L=207!F=H: Block-List-Match-Url

This examples adds the SHA-256 hash file "874b0f0ba2cf612a195be31816a28d16a4a52847cdd45ce8c4b2670a0a0c1ad1" and the associated SHA-256 signature "Custom.Blacklist" to a custom blacklist:

hostname (config) # analysis custom blacklist sha256 874b0f0ba2cf612a195be31816a28d16a4a52847cdd45ce8c4b2670a0a0c1ad1 signature Custom.Blacklist
hostname (config) # show analysis custom blacklist
Custom blacklists:
Sha256 : Signature Name
874b0f0ba2cf612a195be31816a28d16a4a52847cdd45ce8c4b2670a0a0c1ad1 : Custom.Blacklist

To delete rules from a custom blacklist:

  1. Go to CLI configuration mode.
    hostname > enable
hostname # configure terminal
  2. Specify the type of rule to delete from a custom blacklist.
    • To delete the blacklist rule based on the URL:

      • hostname (config) # no analysis custom blacklist url <URL>

    • To delete the blacklist rule based on the SHA-256 hash file and the associated SHA-256 signature:

      • hostname (config) # no analysis custom blacklist sha256 <sha256>

  3. Verify that the specified URLs are deleted from the custom blacklist.

    4. hostname (config) # show analysis custom blacklist urls

  4. Verify that the specified SHA-256 hash file and the associated SHA-256 signature are deleted from the custom blacklist.

    5. hostname (config) # show analysis custom blacklist

  5. Save your changes.
    hostname (config) # write memory
Saving configuration file ... Done!

Examples

This example deletes the URL "http://jx60-glj-4yl7.iur.trade/index/207.php" from a custom blacklist:

hostname (config) # no analysis custom blacklist url http://jx60-glj-4yl7.iur.trade/index/207.php
hostname (config) # show analysis custom blacklist urls
url blacklist not found

This examples deletes the SHA-256 hash file "874b0f0ba2cf612a195be31816a28d16a4a52847cdd45ce8c4b2670a0a0c1ad1" and the associated SHA-256 signature from a custom blacklist:

hostname (config) # no analysis custom blacklist sha256 874b0f0ba2cf612a195be31816a28d16a4a52847cdd45ce8c4b2670a0a0c1ad1