Walter.BOM Namespace
Walter.Web.FireWall Namespace
ASP-WAF | .Net API for WAF Systems

FireWallIncidentEventArgs Class

The Guard event that's being raised by the firewall when the firewall is about to create an incident allowing you to intervene

Namespace:  Walter.Web.FireWall.EventArguments
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)


public class FireWallIncidentEventArgs


You can use the firewall to test and see if you are using routs that would cause your application to block valid requests. This way you can update your blocking patterns to match valid and invalid rules.

It is always recommended to not use default routs as all bot's are scripted to use those and the fastest way to detect a malicious user is by having a honey pot or a default not implemented

private void FireWall_OnIncident(object sender, FireWallIncidentEventArgs e)
       switch (e.StackEntry.Reason)
           case Walter.BOM.FirewallBlockReasons.PenetrationAttempt:
               if (Enum.TryParse<Walter.Web.FireWall.RuleEngine.UrlValidatedResult>(e.Data[IncidentAssertType.RuleNr], out var list))
                   _logger?.Lazy().LogCritical("Url triggered {pattern} in {location} in Configuration.Rules.blockedPatterns.{list}"
                       , e.Data[IncidentAssertType.Pattern]
                       , e.Data[IncidentAssertType.Location]
                       , list);
                       , $"Update Configuration.Rules.blockedPatterns.{list} on {e.Data[IncidentAssertType.Pattern]} at the {e.Data[IncidentAssertType.Location]} in URL{e.Page.OriginalUrl}"
                       , false);

               base.LogTodo<ConfigurationTasks>(ConfigurationTasks.Setup, message: $"Test Rule \"{e.StackEntry.Rule}\" on {e.Page.OriginalUrl}", optional: true);