Forum Discussion
Piotr_Lewandows
Altostratus
AltostratusEnforcement Readiness Summary and HTTP Protocol Compliance
Hi,
I can understand logic of info in this widget for most of the Entity types but can't figure out what is logic for mentioned type.
After Enforcement Readiness Period passed my not trigge...
dragonflymr
Cirrostratus
CirrostratusHi,
N/A makes a bit of sense here but then why to place this Entity Type in Enforcement Readiness Summary (ERS) widget? A bit confusing.
Even if HTTP Protocol Compliance has no staging it has Enable checkbox - in the end checking this is very similar to unchecking Staging for Signatures - when Enable is checked given violation is in fact enforced - at least this is how I understand final result - request not passing given compliance check are blocked - like request containing enforced signatures.
Again that is creating a bit of confusion for me. Even if we will follow the logic that there is no staging for HTTP compliance then why there is 0 (instead of N/A) in Ready To Be Enforced column?
Seems that 9 is result of: number of violations with Learn - number of violations with Enable manually set (additional to 3 enabled by default, those 3 seems not be counted here - those as well do not have Learn checkbox, only Enable)
Clicking on numbers in both Total and Not Enforced column just direct to Learning and Blocking Settings (LABS) page with HTTP protocol compliance failed section extended, nothing more.
Considering Bad Host Header, this is just example what is shown when filter icon in front of HTTP Protocol Compliance row in ERS widget is clicked.
For all violations marked with Learn on LABS page we have suggestions. See screen:
You can see that suggestions are listed for all violations (with Learn checked) - even if no request triggered violation. Maybe this is because all of then are marked as Policy Tightening Suggestions - those do not need any request to be listed?
Still there should be any info in Ready To Be Enforced column indicating number of violations that was never triggered during ERP - don't you think?
And why there is info 265 request triggered this suggestion - 265 request is total number of request processed by policy from the moment it was activated, but no request actually was reported as triggering violation (this is exactly the same for all other suggestions).
It only changes when given violation is Enabled. When only Learn is checked nothing is displayed in Even Log as well as in suggestion for given violation.
I did test sending request with two Host headers (should trigger Multiple host headers) - no info about violation in Event Log, no info about actual request triggering suggestion in Traffic Learning - not really useful for figuring out if request are not compliant...
Don't really get logic here :-( Same situation seems to be for Evasion Technique detected.
Piotr