Imperva Cyber Community

 View Only
  • 1.  Unauthorized Request Content Type

    Posted 27 days ago
    Dear all,

    If our web application is using a customized value for the Content-type header field in different HTTP POST requests, is there any way to fine tune the application profile such that the Imperva WAF would recognize such customized value is valid and not to trigger alert?

    Thank you!.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------


  • 2.  RE: Unauthorized Request Content Type

    Posted 25 days ago
    Hello Ken,

    Thank you for the post, sharing below link which explains about content-type discovery feature,
    https://docs.imperva.com/howto/3ce0843b

    Working with Content-type Discovery
    https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/70786.htm
    https://docs.imperva.com/bundle/v14.6-web-application-firewall-user-guide/page/70947.htm

    Let me know if this helps your requirement or not.

    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 3.  RE: Unauthorized Request Content Type

    Posted 22 days ago
    Hi Syed,

    We are using version 13.3 and seems it does not have the feature of Content-type Discovery.
    By the way, we just want to stop generating the alert when the content-type matches our defined value, and there is no need to block any traffic.

    Thanks.

    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------