Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF Rules Allowing Unexpected Requests

Hello,

I am getting some unexpected and unwanted requests (trying to find exploits) that are handled by one of the WAF Rules:



Here's the WAF Rule that is being it with this traffic:




Here's how it looks in the Event Viewer:

How can I change the WAF rule (or through another rule) so if the traffic doesn't match the published paths (below), it gets dropped (instead of returning an HTTP 403)?

Thanks!



This thread was automatically locked due to age.
Parents
  • Thanks Raphael. I understand. 

    If I enable country blocking on this rule, will the traffic coming from a blocked country be rejected or dropped? 

    Is there anything else (from the security standpoint) that I could put in place to better handle this (outside any complex automation as you described)?

    Just want to have peace of mind that I am locking this down as much as I possibly can. 

  • Bumping this up..

    Is there anything else (from the security standpoint) that I could put in place to better handle this (outside any complex automation as you described)? Just want to have peace of mind that I am locking this down as much as I possibly can. 

    Thanks!

  • Essentially no - You could add GEO IP blocking, if you think, this will increase something, but nowadays attacks are not based on IP geo locations. 

    __________________________________________________________________________________________________________________

Reply
  • Essentially no - You could add GEO IP blocking, if you think, this will increase something, but nowadays attacks are not based on IP geo locations. 

    __________________________________________________________________________________________________________________

Children
No Data