Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Incap rule isn't working.

    Posted 04-21-2021 22:40
    Hello.

    New to IMPERVA's Cloud WAF.

    I have configured the following rule on a test site:

    When:
    HeaderValueLength > {"If-None-Match";0} & ( HeaderValue contains {"If-None-Match";"\""} | HeaderValue contains {"If-None-Match";"\x22"} | HeaderValue contains {"If-None-Match";"0"} )

    Then:

    Block request.

    I am generating requests using "wget" command on a Linux system. I can confirm they do contain header "If-None-Match" with value "0123456789abcde" (I can watch them in the logs of our NGINX load-balancers). However, they are not blocked by the IMPERVA engine.

    What am I doing wrong? Can someone advise, please?

    Thanks,
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Panos Tsapralis
    Head of Networks
    SMARTBOX Group UK Ltd (BUYAGIFT)
    London
    ------------------------------


  • 2.  RE: Incap rule isn't working.

    Posted 04-27-2021 05:32
    Hi Panos,

    I spoke with a colleague in support and understand that the correct rule should be:

    HeaderValueLength > {"If-None-Match";0} & HeaderValue contains {"If-None-Match";"%22"}

    I hope this is helpful.

    Many thanks,




    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------