06-11-2021 05:58 AM
Has anyone had luck limiting http methods like PUT to limited URLs? For example, limiting a PUT to https://www.foo.com/ but not to https://www.foo.com/folder1 ? I've created a custom vulnerability that allows the http-method (http-req-header length > 0 which http-method=PUT) in a custom vulnerability but I am having trouble limiting it to the host only portion or the URL/URI. Not sure if this should be further defined in the custom vulnerability, URL category, or just as an fqdn address object? I am trying to think that if I have a use case in the future to allow to https://www.foo.com/folder2 but not https://www.foo.com/folder2/uploads would it be the same solution?
06-30-2021 12:26 PM - edited 06-30-2021 12:36 PM
You should try using a targeted security policy with a Custom URL entry to match the URN of interest in the Service/URL Category tab of the Security Policy Rule. You will then apply the restrictive Vulnerability Protection Profile with an Exception set to block on your Custom Vulnerability Signature. Note that given that these are HTTP(S) resources, this is dependent on successful TLS decryption.
07-01-2021 04:59 AM
Thanks, any idea what the terminating character for the custom URL would be? For instance, how would one limit to only the top level meaning example.com but not grant access to example.com/file1, example.com/cgi-bin, or example.com/*
07-01-2021 05:17 AM
you can block a single URL if you use a literal URL for the policy and no special characters such as asterisk tailing the string, so just put in example.com/ and no "*" at the end.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!