Selectors are the segments of a request that Web Application Protector rules inspect for attacks. No rule applies to an entire request at once; each rule is evaluated per selector segment. You can use these selectors to add exceptions to your security policy rules, either because you know that a rule is throwing false positives or because you want to omit parts of a request from inspection.
For example:
```
GET /one/two/three/four/my-file-name.mp3?session=3&name=fakeName HTTP/1.1
Host: www.fakehostexample.com
Accept: application/json
Cookies: foo=examplecookie

{"first":1, "second":2, "third":3}
```

The following values are available for the selector string enumeration for both recommendations and declined recommendations:

Value | Description |
---|---|
ARGS | A generic alias for the query string, whether it appears in the body or the URL. Use this selector to match either the body or the URL. |
ARGS_NAMES | Argument names. In the example, session and fakeName. |
FILES_NAMES | The name of a MIME-encoded filename within a MIME-encoded body to exclude from inspection. |
JSON_NAMES | The name of the JSON member. In the example, first, second, and third. |
JSON_PAIRS | Name/value pairs in the JSON body. On its own, the selector covers all of them; JSON_PAIRS:"name of json key" excludes that specific JSON name/value pair from inspection. In the example, "first":1, "second":2, and "third":3. |
QUERY_STRING | In the example, 1?session=3&name=fakeName. |
REQBODY_PROCESSOR_ERROR | Whether an error occurred processing the request. Errors often indicate suspicious activity. It's a good idea to inspect this element, and not exclude it from inspection. |
REQUEST_BODY | The entire body of the request. In the example, {"first":1, "second":2, "third":3}. |
REQUEST_COOKIES | The request cookie name-value pair. In the example, foo=examplecookie. |
REQUEST_COOKIES_NAMES | The request cookie name. In the example, foo. |
REQUEST_FILENAME | The file name to exclude from inspection. In the example, my-file-name.mp3. |
REQUEST_HEADERS | The name and value of the request header. In the example, Host:www.fakehostexample.com and Accept:application/json. |
REQUEST_HEADERS_NAMES | The name of the request header to exclude from inspection. In the example, Host and Accept. |
REQUEST_METHOD | The request method to exclude from inspection. In the example, GET. |
REQUEST_PATH_SEGMENT | The part of the path you specify. For example, /one/two/three/. Use * to include the whole path. |
REQUEST_PROTOCOL | The request protocol to exclude from inspection. In the example, http. |
REQUEST_URI | The full URL segment without the request method. In the example, /one/two/three/four/my-file-name.mp3?session=3&name=fakeName. |
VALUES | The value you want to exclude when it appears in a header, cookie, or parameter. |
XML_PAIRS | Name/value pairs in the XML body. |
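
To see how much a JSON_PAIRS exception removes from inspection, the following added example (not Akamai code) models the bare and named forms described in the table against the example request body, and flags exceptions the table warns about. The function names and the idea of passing exceptions as plain strings are assumptions made for illustration; only the `JSON_PAIRS:"name of json key"` form comes from the page.

```python
import json
import re

# Constructed sample: the body of the example request on this page.
BODY = '{"first":1, "second":2, "third":3}'

# Exception text in the SELECTOR or SELECTOR:"name" form shown for JSON_PAIRS.
_EXC = re.compile(r'^([A-Z_]+)(?::"([^"]*)")?$')


def parse_exception(text):
    """Split 'JSON_PAIRS:"second"' into ('JSON_PAIRS', 'second'); bare selectors get None."""
    m = _EXC.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized exception: {text!r}")
    return m.group(1), m.group(2)


def inspected_json_pairs(body, exceptions):
    """Return the JSON name/value pairs still inspected after JSON_PAIRS exceptions."""
    pairs = json.loads(body)
    for selector, name in map(parse_exception, exceptions):
        if selector != "JSON_PAIRS":
            continue                  # other selectors are outside this model
        if name is None:
            return {}                 # bare selector: every pair is excluded
        pairs.pop(name, None)         # named form: only that pair is excluded
    return pairs


def audit(exceptions):
    """Flag exceptions that exclude more than a single named item."""
    findings = []
    for text in exceptions:
        selector, name = parse_exception(text)
        if selector == "REQBODY_PROCESSOR_ERROR":
            findings.append(f"{text}: the table advises keeping this element inspected")
        elif selector == "REQUEST_BODY":
            findings.append(f"{text}: excludes the entire body of the request")
        elif selector == "JSON_PAIRS" and name is None:
            findings.append(f"{text}: excludes every JSON pair; name the key instead")
    return findings


if __name__ == "__main__":
    for excs in (['JSON_PAIRS:"second"'], ["JSON_PAIRS"], ["REQBODY_PROCESSOR_ERROR"]):
        print(excs, inspected_json_pairs(BODY, excs), audit(excs))
```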