Security Pattern Exceptions
Security Pattern Policy Exception Handling
1. Check Security Log
Check the detected attack logs to identify targets requiring exception handling.
| Item | Content |
|---|---|
| Target Information | Displays detailed information about the detected attack. |
| Attack Type | Displays the type and pattern details of the detected attack. |
| Header | Displays the actual Header value detected within the HTTP protocol. |
Exception Handling for Security Pattern Policy by URL
This is a method to process exceptions for detection cases occurring in specific URLs.
1) Access Policy Settings Menu
Go to [POLICY] > [Company] > (Double-click Domain Group) > [SET POLICY] menu, or click [OPEN POLICY SETTINGS] on the log screen.
2) Add Exception URL
After checking the blocked URL, add the corresponding URL to the policy list.
3) Default Template Exception (DeepFinder Pattern)
If blocked by a default pattern provided by DeepFinder, set the action of the corresponding pattern to ALLOW in the added URL item.
4) Exception Handling after Creating User Template (User Defined Pattern)
If you need to create a new pattern for exception handling in addition to default patterns, register a user pattern in the [TEMPLATE] > [SECURITY PATTERN] menu.
| Item | Description |
|---|---|
| SYSTEM | Security patterns provided by DeepFinder by default. |
| USER | Security patterns newly registered by the user as needed. |
[Details on Security Pattern Group and Pattern Registration]
| Category | Item | Description |
|---|---|---|
| Group Info | Name | Enter security pattern group name. (Min 1 ~ Max 255 characters) |
| Type | Select the direction and target of the data to inspect. • REQUEST: Client → Web Server Request Data • RESPONSE: Web Server → Client Response Data • HEADNAME: Header Name Inspection • HEADVALUE: Header Value Inspection |
|
| Company | Set the company to apply the security pattern group. | |
| Pattern Info | Name | Enter individual security pattern name. |
| Risk | Select the risk level of the corresponding security pattern. | |
| Check | Regular expression verification function. You can test if the entered regex works correctly. |
5) Apply User Security Pattern (Set ALLOW)
Find the newly added user pattern in the Domain Policy > (Select Policy URL) > [SECURITY PATTERN] menu.
Set the action of the pattern to ALLOW.
6) Adjust Priority
Set the priority of the added new (exception) pattern one step higher than the existing blocking pattern causing false positives, then save.
7) Check Application Results
To verify if the settings have been applied correctly, forcibly trigger an event, then check the setting status and whether block logs are generated.
Global Security Pattern Exception for Root [/]
This is a method to apply exceptions to the entire domain group (Root path [/]), not specific URLs.
1) Access Policy Settings Menu
Go to the [POLICY] > [Company] > (Double-click Domain Group) > [SET POLICY] menu.
2) Disable Blocked Pattern (Set to NONE)
- Select
[/](Entire Path) from the Policy URL List tab. - Click the
[SECURITY PATTERN]tab. - Check the pattern or group currently being blocked, then change the action to NONE.
3) Check Application Results
To verify if the settings have been applied correctly, forcibly trigger an event, then check the policy setting status and block logs.