Hello Scott,
Thank you for the post. You should only need "HTTP Request Header Value" (since you specify the name and value in this criteria) and "Source IP Address". Something like this:


The source IP 10.79.210.1 happened to not be in the "Allowed IP Addresses".
------------------------------
Syed Noor Fazal
Product Support Engineer
------------------------------
Original Message:
Sent: 03-19-2025 17:46
From: Scott Brandt
Subject: Asked to block basic authentication prompt on our on prem WAF based on header value for specific account. Best way to do this?
Looking for some guidance or documentation on how to do this.
We have a website that prompts using basic authentication and we need to block when the header contains a value that is a specific account. We need to block this for all IPs excluding a list of known IPs that we do not want to block.
We have not been able to test this yet and this is what we came up with. Will this accomplish this, or is there a better way to do this on an on-prem WAF running 14.7?
- Web Custom Rule
- HTTP Request Header Name - with the name we need to trigger on: authorization
- HTTP Request Header Value: Header Name: authorization, Operation: at least one, Value: ID#ofaccount; if it matches, we want to block
- Source IP Addresses: Exclude all - select our IP groups that we need to allow and not block
#On-PremisesWAF(formerlySecuresphere)
------------------------------
[Scott] Brandt
Security Engineer
Taylor Corporation
North Mankato [MN]
------------------------------
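
The rule logic discussed in this thread (a header value criterion combined with a source IP exclusion), modelled as an added example; it is not from the original posts and is not WAF configuration. Basic credentials travel as base64 of `user:password`, so the model decodes the header before comparing the account, and `stable_b64_prefix` shows which encoded characters are the same for every password. The account name and allowed network are constructed values, and how the WAF itself compares header values is not assumed.

```python
import base64
import binascii
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
BLOCKED_ACCOUNT = "svc-example"
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def basic_auth_user(header_value):
    """Return the user-id from a Basic Authorization header, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed credentials: the header criterion does not match
    user, sep, _password = decoded.partition(":")  # user-id ends at the first colon
    return user if sep else None


def stable_b64_prefix(account):
    """Base64 characters shared by every Basic token for this account.

    Only whole 3-byte groups of "account:" encode independently of the
    password that follows, so the prefix is truncated to those groups.
    """
    raw = (account + ":").encode("utf-8")
    whole = len(raw) - len(raw) % 3
    return base64.b64encode(raw[:whole]).decode("ascii")


def rule_blocks(headers, source_ip):
    """Model of the rule: account matches AND source IP is outside the allow list."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None or basic_auth_user(auth) != BLOCKED_ACCOUNT:
        return False
    ip = ipaddress.ip_address(source_ip)
    return not any(ip in net for net in ALLOWED_NETWORKS)


def make_header(user, password):
    """Build a constructed Basic header value for the checks."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```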