cancel
Showing results for 
Search instead for 
Did you mean: 

How can I add an "Illegal Header" in the Advanced WAF.

Wasfi_Bounni
Cirrostratus
Cirrostratus

Hi;

 

How can I add a header to be illegal in the AWAF product, previously ASM.

 

The ASM for instance allows you to manually add "Allowed URLs" and "Disallowed URLs". However, I could only manually add "Allowed Headers" but could not find a way to manually add "Disallowed Headers". I know I can do that in an I-rule, but my aim was to do it in the GUI and return the default block page.

 

 

Kindly

Wasfi

1 ACCEPTED SOLUTION

Hi Wasfi,

 

you can achieve this by adding the Header name as a custom attacking signature.

Here is the to the documentation for v14.1:

Writing Custom Attack Signatures

 

And here a (not very sophisticated) example:0691T00000C1934QAB.png 

KR

Daniel

View solution in original post

3 REPLIES 3

Hi Wasfi,

 

you can achieve this by adding the Header name as a custom attacking signature.

Here is the to the documentation for v14.1:

Writing Custom Attack Signatures

 

And here a (not very sophisticated) example:0691T00000C1934QAB.png 

KR

Daniel

Hi Daniel;

 

In the above example, I have tried to use a regular expression instead of the contain string criteria, which is ^badheader. This means that the header value string must start with badheader. The issue though is that did not work. I will put this on the forum too.

 

 

Kindly

Wasfi

Wasfi_Bounni
Cirrostratus
Cirrostratus

Hi Daniel;

 

Thank you for your help.

 

 

Kindly

Wasfi