Has anyone had luck limiting http methods like PUT to limited URLs? For example, limiting a PUT to https://www.foo.com/ but not to https://www.foo.com/folder1 ? I've created a custom vulnerability that allows the http-method (http-req-header length > 0 which http-method=PUT) in a custom vulnerability but I am having trouble limiting it to the host only portion or the URL/URI. Not sure if this should be further defined in the custom vulnerability, URL category, or just as an fqdn address object? I am trying to think that if I have a use case in the future to allow to https://www.foo.com/folder2 but not https://www.foo.com/folder2/uploads would it be the same solution?
You should try using a targeted security policy with a Custom URL entry to match the URN of interest in the Service/URL Category tab of the Security Policy Rule. You will then apply the restrictive Vulnerability Protection Profile with an Exception set to block on your Custom Vulnerability Signature. Note that given that these are HTTP(S) resources, this is dependent on successful TLS decryption.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!