
Alert 29015 - Tilde in URL

WAF Tilde_in_URL

6 replies to this topic

#1 John Martin

John Martin
  • Members
  • 1 posts

Posted 12 August 2013 - 11:16 AM

Hello

We currently have a WAF that is generating a large number of alerts due to a tilde being present in the URL within a number of pages in our site. Short of re-writing the entire web app, is anyone aware of a way that we can suppress these alerts based on regex or suchlike, so only the client-side requests (inbound through the WAF) will generate alerts?

Many thanks

#2 syed

syed
  • Barracuda Team Members
  • 3 posts

Posted 18 August 2013 - 07:17 AM

Hi John,

Thank you for contacting Barracuda Networks. We are testing the same in our lab environment and will get back to you with the details. Can you please provide us the best contact number to reach you?

Thank you.

Regards,

Syed Noor Fazal
Technical Solutions Engineer
Barracuda Networks, Inc.
Tel: +91-804-904-8600
Fax: +91-804-111-0444.
Email: mailto:sfazal@barracuda.com
Web: http://www.barracudanetworks.com

#3 syed

syed
  • Barracuda Team Members
  • 3 posts

Posted 18 August 2013 - 10:23 AM

Hi John,

If a tilde is present in the URL, then the default WAF action is to protect and log such requests. Under security policy > Action policy > select policy name > attack group "request-policy-violations" > for the attack action name "tilde-in-url-path", the default action is protect and log. If you want to allow such requests, then you can select the action as "allow and log". In case you don't want to see the alerts but still want protection against such requests, then you can select the action as "protect and no log".

Please let me know if you have any further questions.

Regards,

Syed Noor Fazal
Technical Solutions Engineer
Barracuda Networks, Inc.
Tel: +91-804-904-8600
Fax: +91-804-111-0444.
Email: mailto:sfazal@barracuda.com
Web: http://www.barracudanetworks.com

#4 Brian Rekus

Brian Rekus
  • Members
  • 2 posts

Posted 24 May 2017 - 03:16 PM

Other than disabling the alert completely, is it possible to not log if a tilde is used with a certain path, but alert if it is used for any other path?



#5 Aravindan Anandan

Aravindan Anandan
  • Barracuda Team Members
  • 65 posts

Posted 25 May 2017 - 08:28 AM

Yes. You can create a URL profile for the required URL and whitelist tilde in that profile. URL profiles can be created in the websites tab -> website profiles.



#6 Brian Rekus

Brian Rekus
  • Members
  • 2 posts

Posted 25 May 2017 - 09:21 AM

Would you be able to provide an example of how that profile would be set up?



#7 Aravindan Anandan

Aravindan Anandan
  • Barracuda Team Members
  • 65 posts

Posted 25 May 2017 - 01:06 PM

Sorry, I mentioned website profiles. It should be URL Allow/Deny rules.

 

1. websites->Allow/deny

2. For the required service, add a URL ACL

    2.a: Set the required URL match 

    2.b: Set the Extended match as  (URI co ~)

    2.c: Set the required action among allow/deny/process with the required log option
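
An added example, not part of the thread and not Barracuda code or configuration syntax: a small Python model of the scoped exception from steps 2.a to 2.c, useful for checking which URLs would still raise a tilde alert before changing the policy. The `/reports/*` URL match, the chosen action, the sample URLs, and the decision to decode and normalize the path before matching are all assumptions of this sketch.

```python
import posixpath
from fnmatch import fnmatchcase
from urllib.parse import urlsplit, unquote

# Hypothetical values standing in for the ACL fields described in the thread.
ACL_URL_MATCH = "/reports/*"         # step 2.a: assumed path that legitimately uses "~"
ACL_ACTION = ("allow", False)        # step 2.c: (action, log) chosen for the exception
DEFAULT_ACTION = ("protect", True)   # thread: tilde-in-url-path defaults to protect and log


def classify(url):
    """Return (action, log) for a request URL under the modelled policy."""
    # Assumption: match on the percent-decoded, dot-segment-normalized path,
    # so "%7E" and "/reports/../" cannot widen or dodge the exception.
    path = posixpath.normpath(unquote(urlsplit(url).path))
    if "~" not in path:
        return ("process", False)    # tilde check is not triggered
    if fnmatchcase(path, ACL_URL_MATCH):
        return ACL_ACTION            # step 2.b: URL match AND (URI co ~)
    return DEFAULT_ACTION            # every other path keeps the default


def audit(urls):
    """Return the URLs that would still generate a tilde alert."""
    return [u for u in urls if classify(u)[1]]


# Constructed sample requests (not taken from any real log).
SAMPLE = [
    "https://example.test/reports/2017~q1.pdf",
    "https://example.test/reports/%7Earchive/index.html",
    "https://example.test/~backup/web.config",
    "https://example.test/reports/../~admin/",
    "https://example.test/index.html",
]

if __name__ == "__main__":
    for u in SAMPLE:
        print(classify(u), u)
```
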