Forum Discussion

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
Feb 28, 2021

How can I add an "Illegal Header" in the Advanced WAF.

Hi;   How can I add a header to be illegal in the AWAF product, previously ASM.   The ASM for instance allows you to manually add "Allowed URLs" and "Disallowed URLs". However, I could only ...
ASM Advanced WAF
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Feb 28, 2021

    Hi Wasfi,

     

    you can achieve this by adding the Header name as a custom attacking signature.

    Here is the to the documentation for v14.1:

    Writing Custom Attack Signatures

     

    And here a (not very sophisticated) example: 

    KR

    Daniel

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP

Hi Wasfi,

 

you can achieve this by adding the Header name as a custom attacking signature.

Here is the to the documentation for v14.1:

Writing Custom Attack Signatures

 

And here a (not very sophisticated) example: 

KR

Daniel

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
Mar 01, 2021

Hi Daniel;

 

In the above example, I have tried to use a regular expression instead of the contain string criteria, which is ^badheader. This means that the header value string must start with badheader. The issue though is that did not work. I will put this on the forum too.

 

 

Kindly

Wasfi