Jump to content


Photo

Cloaking and HTTP Status-Lines

cloaking http_status_code

  • Please log in to reply
5 replies to this topic

#1 Yann Castells

Yann Castells
  • Members
  • 17 posts

Posted 02 October 2015 - 04:02 AM

Hello,

 

is it possible to create action policies based on the application's response status code?

 

My goal is to always deliver a custom error page from the WAF ( from Advanced / Libraries / Response Pages) in case a server returns one.

I did not find a way to achieve this, since there is no way to create ACLs or similar based on the HTTP status codes.

Am I missing something?

 

If not, could this feature be implemented? An extension of Security Policies / Action Policy / response-violations would be great. Especially for rather common status codes like 403, 408, 414  etc... 



#2 Kaushik Thirumurthy

Kaushik Thirumurthy
  • Barracuda Team Members
  • 41 posts

Posted 02 October 2015 - 04:30 AM

Hello Yann,

 

There is a pre-defined action policy for the the violation "Error Response Suppressed",

 

--> Please create a custom  response page as required.

 

--> Navigate to Security policies-->Action policy. From the drop down menu on the top,  choose the respective security policy configured under the service.

--> Edit the action policy "Error Response Suppressed", change the response page from default to custom response page.

 

Kindly let us know if you have any questions, thank you

 

Regards,

Kaushik.



#3 Yann Castells

Yann Castells
  • Members
  • 17 posts

Posted 02 October 2015 - 05:52 AM

I meant different response pages for different status codes from the app, eg. one custom page for 403, one for 405 etc.

Your suggention would be one response page for all error codes, right?

 

Edit: tried to improve poor wording.



#4 Anjul Goel

Anjul Goel
  • Members
  • 2 posts

Posted 15 January 2020 - 10:22 AM

For WAF cloaking, is possible to configure different response pages for different status codes, eg. one custom page for 403, one for 405.



#5 Anjul Goel

Anjul Goel
  • Members
  • 2 posts

Posted 15 January 2020 - 10:23 AM

For WAF cloaking, Is it possible to configure different response pages for different status codes, eg. one custom page for 403, one for 405.



#6 Aravindan Anandan

Aravindan Anandan
  • Barracuda Team Members
  • 85 posts

Posted 22 January 2020 - 05:33 PM

The response page is based on the action configured for the event raised due to the violation. Here, the violation would be "error response suppressed". WAF doesn't differentiate this violation based on the error status code, so a separate error response cannot be raised.