topic Re: Exception rule not working with Header values in WAF

Exception rule not working with Header values

Andy1977 — Mon, 13 May 2024 09:52:40 GMT

We have an application which has a API key in the HTTP headers. We try to capture the condition base on the presence of the API key. We created a custom exception rule using Header Name and Header Value. However, it seems the parameters cannot be detected correctly.

The HTTP Header in JSON format looks like this:

"header":[{"key":"user-agent","value":"Dart/3.2 (dart:io)"},{"key":"accept-language","value":"zh-Hant"},{"key":"accept-encoding","value":"gzip"},{"key":"authorization","value":"bearer xxxx"},{"key":"apikey","value":"xxxxxxx"}]

Anyone can suggest how to match the apikey and its value to the condition? Thanks.

Re: Exception rule not working with Header values

orianel — Wed, 05 Jun 2024 07:27:27 GMT

Hi @Andy1977, please let me know which exceptions you've used (Skip, Accept, Drop).

Thanks!

Re: Exception rule not working with Header values

Andy1977 — Wed, 05 Jun 2024 08:06:01 GMT

Client is using Accept.

To our understanding, Skip will only skip part of the URL from inspection base on the condition, and will inspect the remaining part of the URL.

Client wants to Accept the whole traffic when condition is meet.

Re: Exception rule not working with Header values

orianel — Wed, 05 Jun 2024 09:10:28 GMT

Hi @Andy1977,

We have some issues with this clause in exceptions, a fix will be deployed soon, if you could please attach requests being blocked incorrectly we would be happy to recommend another exception

Re: Exception rule not working with Header values

Andy1977 — Thu, 06 Jun 2024 03:02:31 GMT

We have logged support ticket for this issue and it has been 3 months but the issue still not able be fixed. We have another remote session with Checkpoint Support this afternoon, and end user will demonstrate their problem again. Let's see how is the outcome then.