Rule 920420 blocks based off certain Content-type header values. The below rule will allow you to append a certain value to it. For this example I appended application/vnd.ms-sync.wbxml for Microsoft ActiveSync.
Please note that the 'setvar' variable needs to be on one line. When copying from here, it may make those values inside that variable multiple lines.
SecAction \
"id:400001,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/vnd.ms-sync.wbxml|'"
Jean-François Ruel
Hi Nick,
I'm fairly new to the new WAF implementation in Kemp LoadMaster.
I enabled the new WAF on some of our VSs and we do indeed trigger the rule 920420 for ActiveSync.
In your example, do you create a custom rule with it?
If I understand correctly, this will allow the content type globally. If we want to allow it only for a specific URL (the one we are using for ActiveSync), we would have to add the section:
REQUEST_URI "@beginsWith URL"
Am I correct?
Jeff
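
The URL-scoped variant asked about above, as an added example that is not part of the original thread or Kemp's own rules: the SecAction becomes a SecRule on REQUEST_URI, so the extended list applies only to matching requests and 920420 keeps its default list everywhere else. The rule id 400002, the path (Exchange's default ActiveSync virtual directory) and the load order (this rule is evaluated before CRS rule 920420) are assumptions.

```apache
# Added example (not from the thread): allow the ActiveSync content type
# only for requests under the ActiveSync path.
# Assumptions: id 400002 is unused in your rule set; the path below is
# Exchange's default ActiveSync virtual directory; this rule is evaluated
# before CRS rule 920420.
# t:lowercase makes the path match case-insensitive, so the operator
# argument is written in lowercase.
# The setvar value must stay on a single line.
SecRule REQUEST_URI "@beginsWith /microsoft-server-activesync" \
    "id:400002,\
    phase:1,\
    nolog,\
    pass,\
    t:none,t:lowercase,\
    setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/vnd.ms-sync.wbxml|'"
```

With this in place of the global SecAction, a request carrying application/vnd.ms-sync.wbxml to any other URL on the same virtual service should still trigger 920420.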