Response Processors: Warning Processor

The warning processor is designed to allow a warning message to be presented to a user without completely blocking site access. The warning processor only enables the ability to respond to a user with a "warning", which would allow them to continue browsing the page and the site. The warning would be created and activated for a user by the auto response system, or manually from the console. The existing processor overlays semi-transparent HTML elements on top of the entire webpage, which temporarily disables any mouse or keystrokes on the page and, therefore, creating a "modal dialog" effect. This processor isn't designed to completely stop an attacker from using the website; it is there to warn them. Given the browser debugging tools available today, an attacker might be able to dismiss the warning by means of such tools. Any tampering with the warning's default dismissal behavior (waiting 5 seconds until dismissal button is automatically enabled and clicking on dismiss button) will be considered an incident and will be tracked.

Table 37: Warning Processor Configuration Parameters

Parameter

Type

Default Value

Description

Basic

Processor Enabled

Boolean

True

Whether traffic should be passed through this processor.

Advanced

Default Warning Message

String

"Your connection has been detected performing suspicious activity. Your traffic is now being monitored."

The default message to use in the warning dialog. This can be defined on a session by session basis, but if no explicit value is assigned to the warning, this value will be used.

Default Warning Title

String

Security Warning

The default title to use in the warning dialog. This can be defined on a session by session basis, but if no explicit value is assigned to the warning, this value will be used.

Dismissal Delay

Integer

10 Seconds

The amount of time in seconds that must elapse before the warning can be dismissed. This is a soft limit, as an experienced user might be able to get around enforcement measures.

Dismissal Resource

Configurable

Random

The information needed to define the URL and response used to dismiss a warning.

Warning Directory

String

Random

The name of the directory where the warning Javascript and css code will be served from. For example: warningcode.

Incident: Warning Code Tampering

Boolean

True

The user has attempted to dismiss the warning without waiting the delay and using the provided mechanism. This is probably an attack on the warning system.