Secure Mobile Access 100 10.2 Administration Guide

Correcting Rule Chains

Misconfigured rule chains are not automatically detected at the time of configuration. When a misconfiguration occurs, the administrator must log in and fix or delete the bad rules.

It is difficult to detect a false positive from a misconfigured rule chain unless a user runs into it and reports it to the administrator. If the rule chain has been set to PREVENT, then the user sees the Web Application Firewall block page (as configured on the Web Application Firewall > Settings page). If not, there is a log message indicating that the “threat” has been detected.

Consider a scenario in which the administrator inadvertently creates a custom rule chain that blocks access to all portals of the SMA. For example, the admin might have wanted to enforce a rule for an Application Offloading portal. However, he or she forgot to add another rule to narrow the criteria for the match to requests for that portal, host, or URL. If the first rule was too broad, then this means a denial of service for the appliance.

Specifically, the administrator creates a rule chain to deny using the GET HTTP method for a specific URL that expects a POST request.

For this, the administrator needs to create two rules

  1. The first rule is to match GET requests.
  2. The second rule is to match a specific URL.

If the administrator forgets to create the second rule, then access to the SMA appliance is denied, because the Secure Mobile Access web-based management interface depends on the GET method.

To fix a misconfigured rule chain, complete the following tasks

  1. Point your browser to https://<SMA IP>/cgi-bin/welcome.

    If you try to reach the welcome page by simply using the URL https://<SMA IP>/, the usual redirect to https://<SMA IP>/cgi-bin/welcome might not work. To repair misconfigured rules, you need to explicitly go to https://<SMA IP>/cgi-bin/welcome, where <SMA IP> is the host name or IP address of your SMA.

  2. Log in as admin.
  3. Navigate to the Web Application Firewall > Rules page.
  4. Edit or delete the bad rules.
  5. Click Accept.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.