Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Create rule based on response.

    Posted 28 days ago
    Edited by Jose Yero 28 days ago
    Hi team.
     
    I want to create rules based on the messages that appear in the "Response" tab.
     
    For example rules that detect "Servicio no disponible", does anyone have any idea how to do it?



    #On-PremisesWAF(formerlySecuresphere)



  • 2.  RE: Create rule based on response.

    Posted 27 days ago

    What is the deployment mode of the WAF?




    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------



  • 3.  RE: Create rule based on response.

    Posted 27 days ago
    Edited by Jose Yero 27 days ago

    Hi Sarvesh.

    The mode is Reverse Proxy.

    I have mobile apps that have specific response messages and I want to map the events based on that response that comes out in the "Response" tab.


    ------------------------------



  • 4.  RE: Create rule based on response.

    Posted 22 days ago

    The only two predicates available to create WAF Rules based on response is headers and status code:


    I don't think you are able to do it based on specific message in response code, I would advise opening a support case to confirm that.

    Regards,



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------



  • 5.  RE: Create rule based on response.

    Posted 21 days ago
      |   view attached

    HI,

    Go to Setup -> Global Object -> Generic Dictionary Groups.
    Add the new group from scratch. You can mark Case Sensitive if it is demanding.
    Create the new entry as a simple type. Save it.
    Go to Policies -> Security -> Add new one -> use Generic Dictionary Search match criteria.
    In the Dictionary, find and choose just created in Global Objects and Locations change from URL to Response Content.
    Add maybe more needed criteria.

    Please test it and enjoy.
    If it is working well, please click Like!


     



    ------------------------------
    Karol Gruszczynski
    IT Security Expert
    Trafford IT Sp. z o.o.
    Warsaw
    ------------------------------



  • 6.  RE: Create rule based on response.

    Posted 18 days ago
    Edited by Jose Yero 18 days ago
    Thank you very much Karl.
     
    The information provided was very useful.
     
    Blessings.