Response Processors: Warning Processor
The warning processor allows a warning message to be presented to a user without completely blocking site access. It only provides the ability to respond to a user with a "warning", after which they can continue browsing the page and the site. A warning is created and activated for a user by the auto response system, or manually from the console. The existing processor overlays semi-transparent HTML elements on top of the entire webpage, which temporarily disables mouse and keyboard input on the page, creating a "modal dialog" effect. This processor isn't designed to completely stop an attacker from using the website; it is there to warn them. Given the browser debugging tools available today, an attacker may be able to dismiss the warning by means of such tools. Any tampering with the warning's default dismissal behavior (waiting 5 seconds until the dismissal button is automatically enabled, then clicking the dismiss button) will be considered an incident and will be tracked.
Table 1: Warning Processor Configuration Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Basic | | | |
Processor Enabled | Boolean | True | Whether traffic should be passed through this processor. |
Advanced | | | |
Default Warning Message | String | "Your connection has been detected performing suspicious activity. Your traffic is now being monitored." | The default message to use in the warning dialog. This can be defined on a session by session basis, but if no explicit value is assigned to the warning, this value will be used. |
Default Warning Title | String | Security Warning | The default title to use in the warning dialog. This can be defined on a session by session basis, but if no explicit value is assigned to the warning, this value will be used. |
Dismissal Delay | Integer | 10 Seconds | The amount of time in seconds that must elapse before the warning can be dismissed. This is a soft limit, as an experienced user may be able to get around enforcement measures. |
Dismissal Resource | Configurable | Random | The information needed to define the URL and response used to dismiss a warning. |
Warning Directory | String | Random | The name of the directory from which the warning JavaScript and CSS code will be served. For example: warningcode. |
Incident: Warning Code Tampering | Boolean | True | The user has attempted to dismiss the warning without waiting for the delay and using the provided mechanism. This is probably an attack on the warning system. |
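
An added example, not the product's own code: a minimal server-side check that enforces the Dismissal Delay from Table 1 and records a "Warning Code Tampering" incident when a dismissal arrives early or with the wrong token. The `WarningTracker` class, its method names and the per-warning token (a stand-in for the random Dismissal Resource) are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass

DISMISSAL_DELAY = 10  # seconds; mirrors the "Dismissal Delay" default in Table 1


@dataclass
class Warning:
    issued_at: float
    token: str            # hypothetical stand-in for the random Dismissal Resource
    dismissed: bool = False


class WarningTracker:
    """Hypothetical tracker: the client overlay is only a soft limit,
    so the timing decision is made on the server side."""

    def __init__(self, delay=DISMISSAL_DELAY):
        self.delay = delay
        self.active = {}      # session id -> Warning
        self.incidents = []   # (session id, incident name, reason)

    def issue(self, session_id, now):
        """Activate a warning and return the token the dismiss button will send."""
        warning = Warning(issued_at=now, token=secrets.token_urlsafe(16))
        self.active[session_id] = warning
        return warning.token

    def dismiss(self, session_id, token, now):
        """Return True only for a dismissal made through the provided mechanism."""
        warning = self.active.get(session_id)
        if warning is None or warning.dismissed:
            return False      # no active warning for this session
        if not hmac.compare_digest(warning.token.encode(), token.encode()):
            return self._tamper(session_id, "unexpected dismissal token")
        if now - warning.issued_at < self.delay:
            return self._tamper(session_id, "dismissed before delay elapsed")
        warning.dismissed = True
        return True

    def _tamper(self, session_id, reason):
        # The warning stays active; the attempt is tracked as an incident.
        self.incidents.append((session_id, "Warning Code Tampering", reason))
        return False
```

Timestamps are passed in as arguments so the logic can be exercised with constructed values; a deployment would use a monotonic server clock.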