RAW

About

General View of RAW

When a new path is added in the RAW tab, the view is as follows. Clicking the Add Common Rule for RAW button enables RAW control for the relevant path. From then on, a request with RAW content made to this path is subject to the WAF rules that were added. Before the button is clicked, the path shows Rule Source > All Paths, because no RAW control has been defined for the path itself and RAW control is therefore inherited from All Paths. Had it been inherited from a Glob Path, it would have shown Rule Source > Relevant Glob Path (/admin/login.*).

[Screenshot: RAW tab view after a new path is added]

If the request is not JSON, XML or Form and a body is sent, the TR7 WAF rules in the RAW field are applied. The JSON, XML and Form fields also each have one of the following options:

- Block Invalid JSON Contents
- Block Invalid XML Contents
- Block Invalid Form Contents

If this option is not activated and unparsable content is sent to the path, that content is subject to the TR7 WAF rules in the RAW field. If it needs to be blocked, it is blocked according to the rules in the RAW field.

Interface

Add Common Rule for RAW Screen

[Screenshot: Add Common Rule for RAW screen]

Add Common Rule for RAW Form

- Virtual Host Group


Displays the information about which Virtual Host Group the relevant path belongs to.

- Path


Displays the information about the modified path.

- Area


Displays information about the modified control field.

- Total Raw Body Size "Content-length" (kb)


Restricts requests based on the Content-length header of the incoming request.

- No Restrictions: no filtering is done.
- Less Than or Equal to: activated if the Content-length is less than or equal to the given value.
- Equals: activated if the Content-length is equal to the given value.
- Greater Than or Equal to: activated if the Content-length is greater than or equal to the given value.
- Range: activated if the Content-length is within the given range.

- Maximum Parsable Body Limitation


When the body of a JSON, XML or Form request exceeds the size limit, it is handled through the RAW field. The action to take when the limit is exceeded is selected here. The size limit itself is configured in the Advanced Settings tab of the WAF management screen, under Max. Processable Body Size (kB).

- Block Unidentified Requests


It blocks unrecognized, faulty HTTP requests.

- Raw Body Allowed Mime Types


To restrict the MIME types of content sent in the RAW field, switch on the restriction mode and enter the names of the allowed MIME types. The WAF calculates the real MIME type of the content and checks whether a defined MIME type is contained in it.

For example, when the restriction mode is switched on and image is entered, all MIME types containing image are allowed. Requests with MIME types other than image are blocked.
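The following is an added example, not TR7 code: a simplified model of the check described above, in which the allowlist entry is matched as a substring of a MIME type derived from the body rather than from the Content-Type header. The signature table, function names and case-insensitive matching are assumptions made for illustration.

```python
# Added illustration, not TR7's implementation: models "allowed entry is
# contained in the real MIME type calculated from the content".

# Constructed magic-byte table (small subset, for illustration only).
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
]

def sniff_mime(body):
    """Derive a MIME type from the body bytes; request headers are ignored."""
    for magic, mime in SIGNATURES:
        if body.startswith(magic):
            return mime
    head = body.lstrip()[:512]
    if head.startswith(b"<svg") or (head.startswith(b"<?xml") and b"<svg" in head):
        return "image/svg+xml"
    try:
        body.decode("utf-8")
        return "text/plain"
    except UnicodeDecodeError:
        return "application/octet-stream"

def raw_body_allowed(body, allowed, restrict=True):
    """True if restriction is off or an allowlist entry is a substring of the
    sniffed type (case-insensitive matching is an assumption)."""
    if not restrict:
        return True
    real = sniff_mime(body).lower()
    return any(e.strip().lower() in real for e in allowed if e.strip())

def evaluate(requests, allowed):
    """Return (declared Content-Type, sniffed type, verdict) per request."""
    return [(declared, sniff_mime(body),
             "allow" if raw_body_allowed(body, allowed) else "block")
            for declared, body in requests]

# Constructed sample requests: (declared Content-Type, body bytes).
SAMPLES = [
    ("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("image/png", b"%PDF-1.7\n..."),            # header claims PNG, body is PDF
    ("application/octet-stream", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("image/svg+xml", b"<svg xmlns='http://www.w3.org/2000/svg'></svg>"),
]

if __name__ == "__main__":
    for row in evaluate(SAMPLES, ["image"]):
        print(row)
```

In this model the entry image also admits image/svg+xml, which is XML text that can carry script, while a narrower entry such as image/png admits only PNG bodies.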

- OWASP Check


Specifies whether each variable and value in the RAW content will be subject to OWASP checks.

- OWASP Exclusions


When the content is subject to OWASP checks, OWASP rules can be added as exceptions based on the structure of the incoming request.

- Detailed Log


Determines whether the variable or value in which an attack is detected is written to the description section of the WAF log.

- Add


Clicking the Add button adds the RAW general setting.

- Interface Representation in TR7 ASP After Adding the Check Field


After the RAW check field is added, clicking the relevant path in TR7 ASP shows the following view.

[Screenshot: the relevant path in TR7 ASP after the RAW check field is added]