Configuration Management: Whitelisting a request in dotDefender
The purpose of this procedure is to define the actions to be taken to create a whitelist in dotDefender.
- The reference ID of the block
- Access to dotDefender
- Knowledge of regex
- Log into the dotDefender interface with your administrative credentials.
- Expand Default Security Profile > Patterns > Custom Rules.
If you are whitelisting a request from a specific existing rule:
- Click User Defined Request Rules. Find the rule and click on the page icon (on the right-hand side) to bring up the properties.
- In the URI text-box, enter a regular expression for the request you want whitelisted for the rule.
This allows any request to http://anysite.com/tc/admin/groupemail and http://anysite.com/tc/admin/sitebuilder/
- Check the Apply this rule to all URIs except specified above checkbox.
- Click OK.
- Click the green arrow on the right-hand end of the top menu to apply the settings. You will receive a confirmation that the settings have been applied.
If you are adding a global whitelist (so that the URI is not passed through any rules), the process is the same, except that you create the whole rule instead of adjusting an existing one.
- Click User Defined Request Rules > Add New Rule and enter in a description for the rule. Click Next.
- The Description can be anything. Generally it states what your rule is doing (or just names your rule). It won't change the way the whitelist works.
- Select the radio button for Search in custom fields of HTTP requests and click Next.
- Select the Standard HTTP request fields radio button and choose Match with incoming URI (REQUEST_URI) from the drop-down menu. Click Next.
- Enter your pattern.
- For the Take action drop-down menu, select Allow request (whitelist). Optionally, you can have dotDefender log these requests by checking the Write to Log checkbox. However, on a heavily trafficked site it is wise to leave this off for whitelist rules so that they do not fill the logs.
- Click Next.
- Select Apply to all pages (as the rule itself is allowing all requests to the pages you want, entering a URI here is redundant). Click Next and then click Finish.
- If there are multiple domains going to the site, it is recommended to edit the rule just created by clicking the page icon next to the rule.
- Once this opens, adjust the keyword to reflect the change. To do this, remove everything except the path of the request that should be whitelisted (so http://mysite.com/tc/admin/sitebuilder becomes /tc/admin/sitebuilder). You will also need to add a "^" to the front of the path, which forces the match to be at the beginning of the PATH_INFO. This prevents whitelisting something like http://mysite.com/badcode/tc/admin/sitebuilder.
- Click OK to save the changes.
- Click the green arrow on the menu to apply the settings. You will receive a confirmation that the settings have been applied.
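An added example (not part of the original procedure and not dotDefender code) that checks a candidate whitelist pattern against constructed request paths before it is entered as the keyword. It assumes the pattern is matched anywhere in the path unless anchored, as the procedure implies, and uses Python's re module as a stand-in for dotDefender's regex engine; the "anchored + boundary" candidate goes one step beyond the procedure's "^" advice.

```python
import re

# Constructed sample request paths; only the first two are meant to be whitelisted.
SAMPLE_PATHS = [
    "/tc/admin/sitebuilder",
    "/tc/admin/sitebuilder/pages",
    "/badcode/tc/admin/sitebuilder",  # the case the procedure warns about
    "/tc/admin/sitebuilder-old",      # sibling path that shares the prefix
]
INTENDED = {"/tc/admin/sitebuilder", "/tc/admin/sitebuilder/pages"}

# Candidate keywords (hypothetical names; the paths come from the procedure).
CANDIDATES = {
    "path only": r"/tc/admin/sitebuilder",
    "anchored": r"^/tc/admin/sitebuilder",
    "anchored + boundary": r"^/tc/admin/sitebuilder(/|$)",
}


def whitelisted(pattern, paths):
    """Return the paths a match-anywhere search with this pattern would allow."""
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]


def audit(pattern, paths=SAMPLE_PATHS, intended=INTENDED):
    """Report which paths the pattern allows beyond, or short of, the intended set."""
    allowed = set(whitelisted(pattern, paths))
    return {
        "anchored": pattern.startswith("^"),
        "over_matched": sorted(allowed - intended),
        "missed": sorted(intended - allowed),
    }


if __name__ == "__main__":
    for label, pattern in CANDIDATES.items():
        result = audit(pattern)
        print(f"{label:20} {pattern}")
        print(f"    anchored={result['anchored']} "
              f"over_matched={result['over_matched']} missed={result['missed']}")
```

Replace the sample paths with real paths from the site, including ones that must stay protected, and only enter a pattern whose over_matched list is empty.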
Note: It is in your best interest to keep all of your rules under the default policy. This reduces the confusion that arises when individual sites have their own sets of rules, and it helps to enforce policies across all the sites.
Owner: Chief Information Security Officer
Questions: Chief Information Security Officer
Effective Date: 01/01/2016
Last Reviewed Date: 04/24/2019
Last Reviewed by: DataBank Security
Next Review Date: 04/2020