Imperva Cyber Community

  • 1.  Data Set Wildcards

    Posted 19 days ago

    Hello,

    I have a security policy (Web Service Custom policy) which blocks an HTTP request if a certain user-agent is in the HTTP header. The data with the user-agents ("blocklist") is stored in a Data Set.
    The policy only matches the criteria based on "User Agent (Lookup Data Set)" settings in the policy. In the "Lookup Data Set" I have chosen the predefined Data Set with the user agents which I want to block.

    The policy only matches full strings (literal) and no wildcards. If the user agent string changes (for instance the version in the user agent string) my policy doesn't block any more.

    Is there a possibility to match sub-strings or wildcards using a Lookup Data Set?

    Thanks


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Haupt Cont
    ------------------------------


  • 2.  RE: Data Set Wildcards

    Posted 19 days ago
    Hi Haupt

    I think you can create a custom signature to match those user-agents via regular expressions, because the data sets are like a manual/automatic dictionary.

    https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/3110.htm

    I'm not sure if performance is impacted too much due to the regular expressions.

    ------------------------------
    Matias Molina
    Post Sales Engineer
    BVS Technology
    Santiago
    ------------------------------



  • 3.  RE: Data Set Wildcards

    Posted 18 days ago

    Hello Haupt,

    Happy new year. I believe you would like to block wildcard agent (any user-agent) in the HTTP request; for that we would need to create a regex, as mentioned in the discussion below:
    https://community.imperva.com/discussion/block-invalid-ip?ReturnUrl=%2fcommunities%2fcommunity-home%2fdigestviewer%3fcommunitykey%3d39c6092a-d67a-4bc2-8134-bfbb25fc43af

    But ideally if we block all the user, it's not the correct way of creating the policy.
    For creating regex you can use this link, Regex Library,



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------
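
The difference discussed in this thread between a literal Data Set lookup and a regular-expression match, as an added example that is not from any poster and is not Imperva signature syntax. The blocklist entries and function names are constructed for illustration; the code uses Python's `re` module and shows bounded, anchored patterns compiled once to limit the performance cost raised above.

```python
import re

# Constructed blocklist entries, stored as literal strings the way a lookup set holds them.
BLOCKLIST = ["BadBot/1.0", "EvilScraper/2.3.1 (+http://scraper.example)"]

# A dotted version number inside a stored entry, e.g. "1.0" or "2.3.1".
VERSION = re.compile(r"\d+(?:\.\d+)*", re.ASCII)

def exact_match(user_agent, blocklist=BLOCKLIST):
    """Dictionary-style lookup: only an identical string matches."""
    return user_agent in set(blocklist)

def to_pattern(entry):
    """Escape the literal parts of an entry and let each version number vary."""
    parts, pos = [], 0
    for m in VERSION.finditer(entry):
        parts.append(re.escape(entry[pos:m.start()]))
        # Bounded repetition only: no nested unbounded quantifiers to backtrack over.
        parts.append(r"\d{1,5}(?:\.\d{1,5}){0,3}")
        pos = m.end()
    parts.append(re.escape(entry[pos:]))
    return "".join(parts)

def compile_blocklist(blocklist=BLOCKLIST):
    """Build one alternation and compile it once, instead of one regex per entry."""
    return re.compile("(?:" + "|".join(to_pattern(e) for e in blocklist) + ")", re.ASCII)

BLOCK_RE = compile_blocklist()

def regex_match(user_agent):
    """fullmatch anchors both ends, so a blocked name embedded in another UA is not hit."""
    return BLOCK_RE.fullmatch(user_agent) is not None

if __name__ == "__main__":
    for ua in ["BadBot/1.0", "BadBot/1.1", "GoodBadBot/1.0",
               "EvilScraper/3.0 (+http://scraper.example)"]:
        print(f"{ua!r}: exact={exact_match(ua)} regex={regex_match(ua)}")
```
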