Imperva Cyber Community

  • 1.  Unauthorized Request Content Type

    Posted 11-11-2022 06:56
    Dear all,

    If our web application is using a customized value for the Content-type header field in different HTTP POST requests, is there any way to fine-tune the application profile so that the Imperva WAF recognizes the customized value as valid and does not trigger an alert?

    Thank you!
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------


  • 2.  RE: Unauthorized Request Content Type

    Posted 11-12-2022 12:48
    Hello Ken,

    Thank you for the post. Sharing the link below, which explains the Content-type Discovery feature:
    https://docs.imperva.com/howto/3ce0843b

    Working with Content-type Discovery
    https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/70786.htm
    https://docs.imperva.com/bundle/v14.6-web-application-firewall-user-guide/page/70947.htm

    Let me know if this helps with your requirement or not.

    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 3.  RE: Unauthorized Request Content Type

    Posted 11-15-2022 21:10
    Hi Syed,

    We are using version 13.3 and it seems it does not have the Content-type Discovery feature.
    By the way, we just want to stop generating the alert when the content-type matches our defined value, and there is no need to block any traffic.

    Thanks.

    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------



  • 4.  RE: Unauthorized Request Content Type

    Posted 12-10-2022 12:33
    Hello Ken,

    If you just want the MX not to generate any alert, then just keep the policy action as no alert; that should work.

    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 5.  RE: Unauthorized Request Content Type

    Posted 12-12-2022 21:31
    Hi Syed,

    I don't want the MX to completely stop generating alerts on this policy. I just want it to be able to identify a customized request content type defined by us, and then it won't need to fire the alert.

    Under Policy > Security > HTTP/1.x Protocol Policy, I tried to expand the "Unauthorized Request Content Type" rule and add our customized content type to the "Allowed Content Types" list, but still have no luck. I'm still receiving many alerts of Unauthorized Request Content Type. Am I missing anything in the configuration?

    Thank you.

    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------



  • 6.  RE: Unauthorized Request Content Type

    Posted 12-14-2022 09:03
    Hello Ken,

    Please copy the content type from the learned URL > Profiles tab, add that to the allowed content types, and then test it.

    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------