Disallowed response code - upstream resp code in UI

DESCRIPTION

In a log of a Disallowed response code, the upstream response code is not present in UI and present in JSON log key app_firewall_info.description. For example "description": "Disallowed response code (404)" (see attached file).

SecOps user would like to filter security event on a specific code. He can't do that in filter menu and in column list.


IMPACT

Error response code returned by the upstream is a criteria for security analytics. Having the ability to filter on upstream response code, even it was blocked by WAF, will improve incident resolution.

  • Alexis DA COSTA
  • May 16 2023
  • Planned
  • Attach files