Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  Create rule based on response.

    Posted 05-12-2023 01:55
    Edited by Jose Yero 05-12-2023 01:57
    Hi team.
     
    I want to create rules based on the messages that appear in the "Response" tab.
     
    For example rules that detect "Servicio no disponible", does anyone have any idea how to do it?



    #On-PremisesWAF(formerlySecuresphere)



  • 2.  RE: Create rule based on response.

    Posted 05-12-2023 12:03

    What is the deployment mode of the WAF?




    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------

    Original Message


  • 3.  RE: Create rule based on response.

    Posted 05-12-2023 13:34
    Edited by Jose Yero 05-12-2023 13:33

    Hi Sarvesh.

    The mode is Reverse Proxy.

    I have mobile apps that have specific response messages and I want to map the events based on that response that comes out in the "Response" tab.


    ------------------------------

    Original Message


  • 4.  RE: Create rule based on response.

    Posted 05-17-2023 12:02

    The only two predicates available to create WAF Rules based on response is headers and status code:


    I don't think you are able to do it based on specific message in response code, I would advise opening a support case to confirm that.

    Regards,



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------

    Original Message


  • 5.  RE: Create rule based on response.

    Posted 05-18-2023 07:56
      |   view attached

    HI,

    Go to Setup -> Global Object -> Generic Dictionary Groups.
    Add the new group from scratch. You can mark Case Sensitive if it is demanding.
    Create the new entry as a simple type. Save it.
    Go to Policies -> Security -> Add new one -> use Generic Dictionary Search match criteria.
    In the Dictionary, find and choose just created in Global Objects and Locations change from URL to Response Content.
    Add maybe more needed criteria.

    Please test it and enjoy.
    If it is working well, please click Like!


     



    ------------------------------
    Karol Gruszczynski
    IT Security Expert
    Trafford IT Sp. z o.o.
    Warsaw
    ------------------------------

    Original Message


  • 6.  RE: Create rule based on response.

    Posted 05-22-2023 04:10
    Edited by Jose Yero 05-22-2023 04:10
    Thank you very much Karl.
     
    The information provided was very useful.
     
    Blessings.




    Original Message