Hi Jaired,
Thank you for your efforts and prompt response,
While troubleshooting, we tried different combinations but none of them worked, one of them what you shared.
but the other thing I need to check is, the lookup table itself, I will delete the title column and keep the values only.
I will test it and update you with the result.
------------------------------
Mohammad Alriaty
System Engineer
Cloud Distribution for Communications & IT Co.
Riyadh
------------------------------
Original Message:
Sent: 10-12-2022 11:25
From: Jaired Anderson
Subject: block by non default header-parameter
Hi Mohammed,
I noticed in the screenshot provided that you are using a "source IP address" lookup set and you're checking in the "parameters" field.
Typically, the term "parameter" is in reference to a web URL parameter.
However, if I understand the use case correctly, you want to trigger based on a Header value.
Please try using a "Lookup Data Set Search" defined like below.
- This tells us where to look for the data - in this case - it's the Headers we are interested in.
- This narrows the scope - now that the we are looking at the headers - which header in particular should we be inspecting
- Now that we are looking at the X-kony-deviceid header, this defines the set of Values we should be comparing against - and if we find a matching value in the Lookup Data Set then the rule is triggers
------------------------------
JairedAnderson
Imperva
Original Message:
Sent: 10-12-2022 02:19
From: Mohammad Alriaty
Subject: block by non default header-parameter
Hi Jaired,
Yes, it works.
But we used lookup data as a global object, as there is a list of devices that need to be blocked based on X-Kony-DeviceId.
------------------------------
Mohammad Alriaty
System Engineer
Cloud Distribution for Communications & IT Co.
Riyadh
Original Message:
Sent: 10-11-2022 09:51
From: Jaired Anderson
Subject: block by non default header-parameter
Hi Mohammad,
Does it work if the "HTTP Request Header Value" match criteria is used as in the below screenshot? (enter the device IDs under the "value" column.
------------------------------
JairedAnderson
Imperva
Original Message:
Sent: 10-11-2022 05:18
From: Mohammad Alriaty
Subject: block by non default header-parameter
Dear all,
We planned to block the connection that came from certain mobile devices based on the non-default parameter in the header.
the device id shows on the header on the parameter: X-Kony-Deviceid
for that we tried the below :
1. configure the lookup data and put all the devices' IDs.
2. create a web service custom policy with Match Criteria " attached "
but with no luck, the policy did not fit what we need.
so please how we can configure the non-default parameter that predefines lookup data match criteria ??
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Mohammad Alriaty
System Engineer
Cloud Distribution for Communications & IT Co.
Riyadh
------------------------------