Imperva Cyber Community

I understand this one:      https://www.imperva.com/sign_in.asp?retURL=/articles/Concept/Policies--Policy-Precedence , but how about when two policies are Web Service Custom and exclude each other, which one takes precedence?

Thank you in advance :)

#On-PremisesWAF(formerlySecuresphere)

------------------------------
Sabajete Elezaj
SNT Albania
------------------------------

I read the KB - let me try and expand on what is written

here are the general rules 
- policies are applied in the following order - network/service/application 
- all applied policies of the same type are applied at the same time / for example if we have 5 policies on the service level all are activated and inspect at the same time 
- if a block is encountered all inspection is stopped and the stream/connection is blocked  - so if the block occurs at the network level there will be no inspection done at the service or application level, blocked at the service it never gets to the application level

exclusions 
If an exclusion is configured the inspection engine will evaluate exceptions first.
If the frame is not excluded based on the policy, inspection will resume

Hello, thank you for the explanation. Just to be 100% clear: let's say a frame passes all the inspection till the application level. In application level the customer has a policy defined to block a specific path /url/url, (rule 1) then after years it adds another policy at the application level, to allow this path /url/url (rule 2). What happens?

Sabajete,

------------------------------
Sabajete Elezaj
SNT Albania
------------------------------

Original Message:
Sent: 11-12-2019 14:10
From: Phil Klassen
Subject: Hello, how is the precedence of policies?

I read the KB - let me try and expand on what is written

here are the general rules 
- policies are applied in the following order - network/service/application 
- all applied policies of the same type are applied at the same time / for example if we have 5 policies on the service level all are activated and inspect at the same time 
- if a block is encountered all inspection is stopped and the stream/connection is blocked  - so if the block occurs at the network level there will be no inspection done at the service or application level, blocked at the service it never gets to the application level

exclusions 
If an exclusion is configured the inspection engine will evaluate exceptions first.
If the frame is not excluded based on the policy, inspection will resume

------------------------------
Phil Klassen

Original Message:
Sent: 11-12-2019 10:03
From: Sabajete Elezaj
Subject: Hello, how is the precedence of policies?

I understand this one:      https://www.imperva.com/sign_in.asp?retURL=/articles/Concept/Policies--Policy-Precedence , but how about when two policies are Web Service Custom and exclude each other, which one takes precedence?

Thank you in advance :)

#On-PremisesWAF(formerlySecuresphere)

------------------------------
Sabajete Elezaj
SNT Albania
------------------------------

Although this would be considered a mis-configuration - the block will most likely be applied first
Since one of the main priorities in security is to block unwanted access, the block should be applied and enforced

yes, I also believe it is a misconfiguration. Thanks for your time :)

------------------------------
Sabajete Elezaj
SNT Albania
------------------------------

Original Message:
Sent: 11-12-2019 16:12
From: Phil Klassen
Subject: Hello, how is the precedence of policies?

Although this would be considered a mis-configuration - the block will most likely be applied first
Since one of the main priorities in security is to block unwanted access, the block should be applied and enforced

------------------------------
Phil Klassen

Original Message:
Sent: 11-12-2019 15:04
From: Sabajete Elezaj
Subject: Hello, how is the precedence of policies?

Hello, thank you for the explanation. Just to be 100% clear: let's say a frame passes all the inspection till the application level. In application level the customer has a policy defined to block a specific path /url/url, (rule 1) then after years it adds another policy at the application level, to allow this path /url/url (rule 2). What happens?

Sabajete,

------------------------------
Sabajete Elezaj
SNT Albania

Original Message:
Sent: 11-12-2019 14:10
From: Phil Klassen
Subject: Hello, how is the precedence of policies?

I read the KB - let me try and expand on what is written

here are the general rules 
- policies are applied in the following order - network/service/application 
- all applied policies of the same type are applied at the same time / for example if we have 5 policies on the service level all are activated and inspect at the same time 
- if a block is encountered all inspection is stopped and the stream/connection is blocked  - so if the block occurs at the network level there will be no inspection done at the service or application level, blocked at the service it never gets to the application level

exclusions 
If an exclusion is configured the inspection engine will evaluate exceptions first.
If the frame is not excluded based on the policy, inspection will resume

------------------------------
Phil Klassen

Original Message:
Sent: 11-12-2019 10:03
From: Sabajete Elezaj
Subject: Hello, how is the precedence of policies?

I understand this one:      https://www.imperva.com/sign_in.asp?retURL=/articles/Concept/Policies--Policy-Precedence , but how about when two policies are Web Service Custom and exclude each other, which one takes precedence?

Thank you in advance :)

#On-PremisesWAF(formerlySecuresphere)

------------------------------
Sabajete Elezaj
SNT Albania
------------------------------