Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
301
To compare the variable(s) to more than one value, you can enter multiple values separated by spaces
into the Value field, and select the Matches Keyword operator. Delimiting by spaces only works if the
Matches Keyword operator is selected.
• Anti-Evasive MEASUREs – This field allows you to apply measures beyond those supported by the
Operators field, especially to enforce Anti-Evasive protection. See About Anti-Evasive Measures on page
304 for more information about these measures.
The following sections provide detailed information about rules:
• About the Tips/Help Sidebar on page 301
• About Variables on page 301
• About Operators on page 303
• About Anti-Evasive Measures on page 304
• Example Use Cases for Rules on page 305
• Deleting a Rule on page 307
• Cloning a Rule on page 308
• Adding or Editing a Rule on page 308
About the Tips/Help Sidebar
You can select a variable in the Variables drop-down list to display more information about that variable in the
Tips/Help sidebar. The sidebar explains when each variable would be used and where it is found in the HTTP
protocol. An example use case is provided for each variable.
You can also select an entry in the Anti-Evasive Measures drop-down list to display more information about it
in the Tips/Help sidebar.
The sidebar also provides context-sensitive search. When you click on a variable and then search for a particular
keyword, the search results are only related to variables.
About Variables
Variables are HTTP protocol entities that are scanned by Web Application Firewall to help identify legitimate or
illegitimate traffic. Multiple variables can be matched against the configured value in the Value field. The ‘+’
and ‘-’ buttons allow you to add variables from the Variables drop-down list or delete them from the list of
selected variables.
You can combine multiple variables as required to match the specified value. If multiple variables are
configured, then the rule is matched if any one of the configured variables matches the target value.
A variable can represent a single value or a collection. If a variable represents a collection, such as Parameter
Values, then a specific variable within the collection can be configured by entering its name in the selection
text box to the right of the colon (:). For example, the value for the URI or Host variable is unique in each
HTTP(S) request. For such variables, the selection text box is not displayed. Other variables, such as Request
Header Values and Response Header Names, represent a collection.
If you need to test the collection itself against an input, then you would leave the selection text box empty.
However, if you need to retrieve the value of a specific item in the collection, you would specify that item in
the selection text box. For example, if you need to test if the parameter password exists in the HTTP(S)
request, then you would configure the variable Parameter Names and leave the selection text box empty. You
would set the Operator to String equals and the Value to password. But, if you want to check whether the
value of the password parameter matches a particular string, such as “foo,” then you would select the
Parameter Values variable and specify password in the selection text box. In the Value field, you would enter
foo.
Ta b l e 3 4 describes the available variables.
To Next Page
Loading...
