Today I have received reports that AppSec is blocking content on a "Detect Only" policy. I can reproduce this behavior.
Unfortunately, I can't find any blocking events at all. When the incident occurs, I receive an ID. When I put the ID (e.g. 40a005c0-35e2-48f8-b19c-dc2c87f81686) in "All Events", I get nothing. I can't find a field for this event.
Am I missing something? How can I find this block? I have opened a case for the original problem.
Another question. I am using a Check Point Cloudguard AppSec GW running Docker:
IMAGE COMMAND CREATED STATUS PORTS NAMES
cp_nginx_gaia "/usr/bin/entrypoint.sh nginx -g 'daemon off;'" 2 days ago Up 2 days ago cp_nginx_gaia
This image comes with a preconfigured timeout for web requests of 60 seconds (NGINX default).
I would like to increase this limit to i.e. 300s. Is there any way to achieve this and make this change permanent?
The block was solved by a ticket and by you:)
The advanced dialog looks exactly as the information I was looking for. Thank you very much.