Imperva Cyber Community

 View Only
  • 1.  Allow Corporate Qualys Scans through ABP

    Posted 08-11-2023 15:35

    Looking for suggestions on how to allow a text string on a header other than the user agent header for an Allow condition.  Does MOI allow the use of a wildcard to cover all headers in an HTTP request or do I need to know the exact header name?  Or am I completely off base?  I'm trying to allow a specific header value through ABP in order to allow our Qualys scans but mitigate all others.




    Tony Convertine
    Security Engineer
    Arthur J. Gallagher & Co.
    Rolling Meadows IL

  • 2.  RE: Allow Corporate Qualys Scans through ABP

    Posted 08-16-2023 08:21
      |   view attached

    Hi Tony,

    Yes you can create an allowlist based on specific header and header value, but you have to keep in mind by default all non default headers are masked from ABP,  if the header which you want to add is non default HTTP header then first you would need to unmask the header name on ABP as shown in the below diagram only then ABP will look at the header.

    Sandeep Ramaswamy