RuleNumber Enumeration
A static class used to map rule numbers to rule names (reference only)
Namespace:
Walter.Web.FireWallAssembly: Walter.Web.FireWall (in Walter.Web.FireWall.dll)
Members
| Member name | Description | |
|---|---|---|
| None | No rule applied | |
| CrossSiteRequest | Accessing a resource from outside the domain (cross site) is rejected if the domain is not white-listed | |
| SaltHeader | If Request contains a Salt header then Match UserSalt with header | |
| SaltCookie | If Request contains a Salt header as well as a Salt Cookie then Match UserSalt with header and salt cookie | |
| SessionHeader | If Request has SessionId header then it should Match the Page Session Hash | |
| SessionCookie | If Request has SessionId header then Match Page Session Hash and user Cookie Session hash | |
| PageGroupHeader | If Request has PageRequest Group Header then Match to Page was send to user | |
| PageGroupCookie | If Request has PageRequest Group Header and CookieWas set then Match to Page was send to user | |
| AddHockRequests | If resource referred by other domain then this must be enabled on the endpoint | |
| DistributedDenialOfService | The same page would only be visited a given time in a given time span by users that do not interact with the page | |
| HitRatioViolation | The same page would only be visited so many times by a user in a given time in a given time span | |
| RejectKnowsMaliciousUsers | The user should not be flagged as malicious by database, cookie or session storage | |
| RefreshViolations | The same page has been refreshed to often | |
| PenetrationAttempt | The user provided a url that looks like a penetration attempt was made | |
| Scrubbing | The user is not supposed to data-mine the provided data | |
| WrongProtocol | The wrong protocol | |
| WrongUserType | Wrong user type | |
| BlockedGeography | If the requested resource or the firewall doesn't allow access from a geographical region then intervene | |
| UserGenerated | User generated block request | |
| FilterActionProtectorViolation | Action Protector filters rejected the request | |
| ModelFilterViolation | Model did not contain a page request in the proper association | |
| LimitedReferrersOnly | The resource or AJAX endpoint is accessed from a location that was not white-listed for the endpoint with the annotation | |
| NotSupportedHandler | A Handler was called that is not supported | |
| PhishyRequest | A Phishy request was detected | |
| AgentsConsideredMalicious | A bad browser was used | |
| PoisonedCookies | The user provided a cookies have been altered, looks penetration attempt are made | |
| AgentsReputationBlocksAccess | the agents reputation blocks access to the resource | |
| NavigationOutsideRenederedSiteMap | The user navigated to a link that was not provided to him | |
| RejectPortScanners | The reject port scanners | |
| RejectHoneyPotTraps | accessed a link that was set to be a honey pot | |
| RejectAPIAccess | API access is not allowed | |
| RejectAccessForISP | Internet service provider is blocked | |
| RejectAccessUAForISP | Internet service provider blocks User Agent | |
| RejectTCPResetAttacks | a possible TCP reset attack received | |
| TCPResetAttack | A TCP reset attack detected | |
| BlacklistedUser | The user was blacklisted | |
| BlacklistedIPAddress | The IP address was blacklisted | |
| BlacklistedInterNetServiceProvider | The Internet service provider was blacklisted | |
| BlacklistedCountry | The country was blacklisted | |
| CSPReportGeneratedByBrowser | The browser triggered a CSP violation | |
| PortPhishyRequest | A request from a source intercepted that attempted to access the application as well as monitored non application ports | |
| CommonVulnerabilitiesExposuresExploits | A known Common Vulnerabilities and Exposures exploits (CVE) | |
| RejectTorNodes | The reject tor nodes |