About Advanced Operations - Dell SonicWall SRA 4200 Administrator's Manual

Sra 6.0

About Advanced Operations

Advanced operations are applied to input identified by the selected variables before the input
is matched against the specified value. For instance, the String Length operation is used to
compute the length of the matched input and use it for comparison. Some of the advanced
operations are used to thwart attempts by hackers to encode inputs to bypass Web Application
Firewall rules. You can click on an advanced operation in the list to read more information on it
in the Tips/Help sidebar.

The advanced operations can be used in conjunction with regular operators. There are ten
operations to choose from in the Advanced Operations field, including the None operation
which leaves the input alone.

Multiple advanced operations can be selected together and individually enforced. You can
select multiple operations by holding the Ctrl key while clicking an additional operation. When
the None operation is selected along with other operations in your rule, the input is compared
as is and also compared after decoding it or converting it with another operation.

Table 19 describes the advanced operations available for use with rules.

Table 19: Advanced Operations for Rules

| Operation | Description |
|---|---|
| None | Use the None operation when you want to compare the scanned input to the configured variable(s) and value(s) without changing the input. |
| String Length | Use the String Length operation when the selected variable is a string and you want to compute the length of the string before applying the selected operator. |
| Convert to Lowercase | Use the Convert to Lowercase operation when you want to make case-insensitive comparisons by converting the input to all lowercase before the comparison. When you use this operation, make sure that strings entered in the Value field are all in lowercase. This is an anti-evasive operation to prevent hackers from changing case to bypass the rule. |
| Normalise URI Path | Use the Normalise URI Path operation to remove invalid references, such as back-references (except at the beginning of the URI), consecutive slashes, and self-references in the URI. For example, the URI www.eshop.com/././//login.aspx is converted to www.eshop.com/login.aspx. This is an anti-evasive operation to prevent hackers from adding invalid references in the URI to bypass the rule. |
| Remove Spaces | Use the Remove Spaces operation to remove spaces within strings in the input before the comparison. Extra spaces can cause a rule to not match the input, but are interpreted by the backend Web application. This is an anti-evasive operation to prevent hackers from adding spaces within strings to bypass the rule. |
| Base64 Decode | Use the Base64 Decode operation to decode base64 encoded data before the comparison is made according to the rule. Some applications encode binary data in a manner convenient for inclusion in URLs and in form fields. Base64 encoding is done to this type of data to keep the data compact. The backend application decodes the data. This is an anti-evasive operation to prevent hackers from using base64 encoding of their input to bypass the rule. |
| Hexadecimal Decode | Use the Hexadecimal Decode operation to decode hexadecimal encoded data before the comparison is made according to the rule. This is an anti-evasive operation to prevent hackers from using hexadecimal encoding of their input to bypass the rule. |
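
The sketch below is an added example, not code from the manual or the appliance: it models how the operations in Table 19 transform input before comparison, and why selecting several operations is not the same as chaining them. It assumes a "contains" operator and reads "individually enforced" as each selected operation being applied to the input on its own; the function names, the plain hex-string format, and the choice to leave undecodable input unchanged are assumptions.

```python
import base64
import binascii

def normalise_uri_path(uri):
    """Drop self-references and empty segments; resolve non-leading back-references."""
    lead = "/" if uri.startswith("/") else ""
    out = []
    for seg in uri.split("/"):
        if seg in ("", "."):
            continue                  # consecutive slash or self-reference
        if seg == ".." and out and out[-1] != "..":
            out.pop()                 # back-reference after the beginning
        else:
            out.append(seg)           # normal segment, or a leading ".."
    return lead + "/".join(out)

def base64_decode(s):
    try:
        return base64.b64decode(s, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return s                      # not base64: compare unchanged (assumption)

def hex_decode(s):
    try:
        return bytes.fromhex(s).decode("utf-8", "replace")
    except ValueError:
        return s                      # not a hex string: compare unchanged (assumption)

OPERATIONS = {
    "None": lambda s: s,
    "Convert to Lowercase": str.lower,
    "Normalise URI Path": normalise_uri_path,
    "Remove Spaces": lambda s: s.replace(" ", ""),
    "Base64 Decode": base64_decode,
    "Hexadecimal Decode": hex_decode,
}

def rule_matches(scanned_input, value, selected):
    """True if any selected operation, applied on its own, yields input containing value."""
    return any(value in OPERATIONS[name](scanned_input) for name in selected)

if __name__ == "__main__":
    uri = "www.eshop.com/././//login.aspx"   # the manual's own example URI
    print(rule_matches(uri, "www.eshop.com/login.aspx", ["None"]))
    print(rule_matches(uri, "www.eshop.com/login.aspx", ["Normalise URI Path"]))
```

Under this reading, an input that combines two evasions (mixed case plus inserted spaces, for example) is not matched by selecting both operations, because neither transform alone produces the rule value.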
