Imperva Cyber Community


How to Scope Out URLs on ABP

By Varul Arora posted 08-14-2023 17:30

  

We have seen many cases where a client is challenged by the Identify Eventually condition under the Identify directive but no block happens, because this is the JavaScript challenge that ABP uses to fingerprint the request. If a client runs into this issue, we can suggest increasing the threshold for no_token to > 10, which gives the request enough time to be fingerprinted and resolves the issue. Please note that this works, but not for API endpoints.

For API endpoints, we need to scope out the path instead. We therefore need to confirm with the client whether the affected paths are API endpoints, because API endpoints cannot pass the ABP JavaScript challenge.

The steps to scope out the URL are:

1. We need to investigate on which policy the condition and the flags were triggering; this can be obtained from Looker or Tableau.

2. Once we have the policy name, condition and triggered flag, we need to create a new policy and replicate all the conditions from the policy that was being triggered due to Identify Eventually.

3. For the new policy, assign a new per-path policy for the URL mentioned by the customer.

4. Remove Identify Eventually from the Identify directive, or switch it to disabled.

Let's see the process with the help of an example.

1. The customer shared the IP for the false positive, x.x.x.x. We searched for it in Looker to investigate the triggered flags and conditions.

2. We now know that the policy name is Default Policy - Passive, which triggered Identify Eventually with the no_token flag. Now we need to add a new policy by clicking the Plus button with the Standard directive options. Once we do that, we need to compare it with Default Policy - Passive to check whether any condition is missing. If one is missing, we need to add it manually.

 

3. Now we have to add a new per-path policy to scope out the URL. We need to click Website group → Per-path Policies and then apply the settings shown in the screenshot. Please make sure that the policy name selected in this step is the one created earlier. In the Path field, we need to add the URL that needs to be scoped out.

4. Now we need to disable Identify Eventually under the Identify directive.


#AdvancedBotProtection