Imperva Cyber Community

communities_1.jpg
 View Only
Back to discussions
Expand all | Collapse all

Asked to block basic authentication prompt on our on prem WAF based on header value for specif account . Best way to do this?

  • 1.  Asked to block basic authentication prompt on our on prem WAF based on header value for specif account . Best way to do this?

    Posted 03-19-2025 17:46

    Looking for some guidance or documentation on how to do this.

    We have a website that prompts using basic authentication and we need to block when the header contains a value that is a specific account. We need to block this for all IPs excluding a list of known IPs that do not want to block.

    Have not been able to test this yet and this is what we came up with. will this accomplish this or is there a better way to do this on-prem WAF running 14.7

    1. Web Custom Rule
    2. HTTP Request Header Name  - with name need to trigger on : authorization
    3. HTTP Request Header Value : Header Name: authorization  Operation at least one Value: ID#ofaccount if matches want to block
    4. Source IP Addresses : Exclude all  - Select our IP groups that we need to allow and not block


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    [Scott] Brandt
    Security Engineer
    Taylor Corporation
    North Mankato [MN]
    ------------------------------


  • 2.  RE: Asked to block basic authentication prompt on our on prem WAF based on header value for specif account . Best way to do this?

    Posted 03-23-2025 13:24

    Hello Scott,

    Thank you for the post, You should only need "HTTP Request Header Value" (since you specify the name and value in this criteria) and "Source IP Address". Something like this:

    The source IP 10.79.210.1 happened to not be in the "Allowed IP Addresses".



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------