This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Andy1977
Explorer
‎2024-05-13 02:52 AM

Exception rule not working with Header values

We have an application which has a API key in the HTTP headers. We try to capture the condition base on the presence of the API key. We created a custom exception rule using Header Name and Header Value. However, it seems the parameters cannot be detected correctly.

The HTTP Header in JSON format looks like this:

"header":[{"key":"user-agent","value":"Dart/3.2 (dart:io)"},{"key":"accept-language","value":"zh-Hant"},{"key":"accept-encoding","value":"gzip"},{"key":"authorization","value":"bearer xxxx"},{"key":"apikey","value":"xxxxxxx"}]

Anyone can suggest how to match the apikey and its value to the condition? Thanks.

 

 

Preview file
3 KB
0 Kudos
4 Replies
orianel
Employee
Employee
‎2024-06-05 12:27 AM

Hi @Andy1977, please let me know which exceptions you've used (Skip, Accept, Drop). 

Thanks! 

0 Kudos
Andy1977
Explorer
‎2024-06-05 01:06 AM
In response to orianel

Client is using Accept.

To our understanding, Skip will only skip part of the URL from inspection base on the condition, and will inspect the remaining part of the URL.

Client wants to Accept the whole traffic when condition is meet.

0 Kudos
orianel
Employee
Employee
‎2024-06-05 02:10 AM
In response to Andy1977

Hi @Andy1977

We have some issues with this clause in exceptions, a fix will be deployed soon, if you could please attach requests being blocked incorrectly we would be happy to recommend another exception

0 Kudos
Andy1977
Explorer
‎2024-06-05 08:02 PM
In response to orianel

We have logged support ticket for this issue and it has been 3 months but the issue still not able be fixed. We have another remote session with Checkpoint Support this afternoon, and end user will demonstrate their problem again. Let's see how is the outcome then.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events