amr fawzy1709157741, posted October 9, 2022

I know you can create a custom error page for the WAF. Is this supposed to work on all the violations that are blocked? Because some of the violations are blocked but are not redirected to the error page I created, while others are.
Rhonda Rowland1709152125, posted October 9, 2022 (edited)

Which violations? Not all violations redirect to the blocked page.

Edit (to add): and what format is the blocked page in: an imported error page, or a redirect to a relative path or an absolute path?

1) MOST request-time violations redirect to the blocked page on a "BLOCK" action: Start URL, Deny URL, Buffer Overflow, SQL and XSS injection, etc.

2) However, the Cookie Consistency check on violation BLOCKs the attack by stripping the cookie from the request and does NOT redirect to the error page. The request proceeds to the server, but without the manipulated cookie. If TRANSFORM is used, then cookies in the response are rewritten to prevent the attack in the first place. (Here, transform and block are non-overlapping.) You will see a Cookie Consistency BLOCK action logged BUT no redirect to the blocked page.

3) Response-time checks like Safe Object and Credit Card protection BLOCK on violation by terminating the response. It is too late in the response-time flow to trigger a redirect.

Also, if your block violations are on specific objects in the request, you may see the "block" log event and the "block" redirect if looking in a web header viewer, but it may not change the view in the browser if it's only some dependent objects and not the main content.

Any security check not set to "BLOCK" will not redirect and will either observe (block off, but logging on) or transform, if enabled, which will alter the request or the response to meet the requirements.

Edited October 9, 2022 by Rhonda Rowland: added note.
Johannes Norz, posted January 17, 2023

You won't see this error page being displayed in the browser in the case of non-HTML objects like images. These images will simply not display, and CSS will not work (HTML error objects usually return a 200 OK, so these blocked CSS files will be "corrupt" from the perspective of the browser; you might set another status like 418 (I'm a teapot) instead of 200 (OK)).

Cheers
Johannes Norz
CTA, CCI, CCE-AppDS
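The two answers above describe the same symptom from two angles: a block on a dependent object (CSS, image, script) is logged and the error page is served, but the browser never shows it, and if the error page comes back with 200 OK the browser treats it as a corrupt stylesheet or image. The following is an added example, not code from the thread or from Citrix, for auditing this from the client side: it classifies each fetched resource by comparing the expected content type against what came back and whether the body looks like the block page. The `BLOCK_PAGE_MARKER` string, the `fetch()` helper and the sample responses are all assumptions constructed for the example.

```python
"""
Client-side audit for WAF block pages served in place of dependent objects.
Added example; not part of the original thread. Assumes the custom error page
contains BLOCK_PAGE_MARKER (hypothetical text) and that the caller knows which
content type each resource is expected to have.
"""
import re
import urllib.error
import urllib.request

# Hypothetical marker assumed to appear in the custom error page body.
BLOCK_PAGE_MARKER = "Access Denied by Web Application Firewall"
_HTML_RE = re.compile(r"<html|<!doctype html", re.IGNORECASE)


def looks_like_block_page(body: bytes, marker: str = BLOCK_PAGE_MARKER) -> bool:
    """True if the body carries the marker or is HTML where HTML was not expected."""
    text = body.decode("utf-8", errors="replace")
    return marker in text or bool(_HTML_RE.search(text))


def classify(resource: dict) -> str:
    """
    resource: {"url", "expected" (content-type prefix), "status", "content_type", "body"}.
    Returns one of:
      ok                   - response matches the expected type
      blocked-visible      - main HTML document replaced by the block page (user sees it)
      blocked-silent-200   - dependent object replaced by the block page with a 2xx status:
                             the browser parses the HTML as CSS/JS/image and fails silently
      blocked-silent-error - dependent object replaced by the block page with a non-2xx status:
                             browser skips the object cleanly (Johannes' 418 suggestion)
      unexpected-type      - something else came back (proxy page, redirect target, ...)
    """
    status = resource["status"]
    ctype = resource["content_type"].split(";")[0].strip().lower()
    expected = resource["expected"].lower()
    body = resource["body"]

    if expected.startswith("text/html"):
        return "blocked-visible" if looks_like_block_page(body) else "ok"

    if looks_like_block_page(body):
        return "blocked-silent-200" if 200 <= status < 300 else "blocked-silent-error"
    if not ctype.startswith(expected):
        return "unexpected-type"
    return "ok"


def audit(responses) -> dict:
    """Map each resource URL to its classification."""
    return {r["url"]: classify(r) for r in responses}


def fetch(url: str, expected: str, timeout: int = 10) -> dict:
    """Fetch one resource and normalise it into the dict shape classify() expects.
    HTTPError is caught so non-2xx block pages (e.g. 418) are still inspected."""
    req = urllib.request.Request(url, headers={"User-Agent": "blockpage-audit/1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return {"url": url, "expected": expected, "status": resp.status,
                    "content_type": resp.headers.get("Content-Type", ""),
                    "body": resp.read()}
    except urllib.error.HTTPError as err:
        return {"url": url, "expected": expected, "status": err.code,
                "content_type": err.headers.get("Content-Type", ""),
                "body": err.read()}


# Constructed sample responses standing in for what fetch() would return.
SAMPLE_RESPONSES = [
    {"url": "https://app.example/index.html", "expected": "text/html", "status": 200,
     "content_type": "text/html; charset=utf-8",
     "body": b"<html><body><h1>Access Denied by Web Application Firewall</h1></body></html>"},
    # Block page with 200 OK in place of a stylesheet: the case from the thread.
    {"url": "https://app.example/static/site.css", "expected": "text/css", "status": 200,
     "content_type": "text/html",
     "body": b"<html><body>Access Denied by Web Application Firewall</body></html>"},
    # Same block page but with a non-2xx status, as Johannes suggests.
    {"url": "https://app.example/static/logo.png", "expected": "image/", "status": 418,
     "content_type": "text/html",
     "body": b"<html><body>Access Denied by Web Application Firewall</body></html>"},
    {"url": "https://app.example/static/app.js", "expected": "application/javascript",
     "status": 200, "content_type": "application/javascript",
     "body": b"console.log('loaded');"},
]


if __name__ == "__main__":
    for url, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{verdict:22} {url}")
```

Run it against real URLs by replacing `SAMPLE_RESPONSES` with `[fetch(u, t) for u, t in pairs]`; any `blocked-silent-200` entry is a dependent object the WAF blocked that the browser will render as broken rather than as the error page.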