Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  Custom policy with criteria Match to HTTP response headers value

    Posted 12-07-2020 08:13
    Hi, All Communnity.
    I have a task to determine an event on the site by the value of the response header.
    For example, I need to create a violation if the value of the response header Location matches the value https://mysite.com
    I need an analog of the "HTTP Request Header Value" criterion only for Response:
    "HTTP Response Header Value"
    But there is no such criterion on imperva.

    I tried to do this with a signature or "Generic Dictionary Search".
    Generic Dictionary Search
    OR
    Signature

    But "Search Signature In" or "Locations" "Response content" only works with the HTTP response body. And "Locations" "Headers" only works with request headers. This was tested experimentally.
    Technical support the Impeva think over the matter for two weeks. But there is no answer
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Vladimir Fedoseev
    ------------------------------


  • 2.  RE: Custom policy with criteria Match to HTTP response headers value

    Posted 12-09-2020 10:27
    Hi Vladimir,

    Thanks for submitting your question to the Imperva Community, unfortunately what you have requested is not currently supported however I have checked and can see the feature request has been submitted by our support team for consideration. I hope that the development teams are able to find a solution to this for you and we can update this thread moving forward.

    ------------------------------
    Patrick McCrudden
    Customer Success Manager
    Imperva
    ------------------------------

    Original Message