Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Response Processors: Warning Processor

    The warning processor is designed to allow a warning message to be presented to a user without completely blocking site access. The warning processor only enables the ability to respond to a user with a "warning", which would allow them to continue browsing the page and the site. The warning would be created and activated for a user by the auto response system, or manually from the console. The existing processor overlays semi-transparent HTML elements on top of the entire webpage, which temporarily disables any mouse or keystrokes on the page and, therefore, creating a "modal dialog" effect. This processor isn't designed to completely stop an attacker from using the website; it is there to warn them. Given the browser debugging tools available today, an attacker might be able to dismiss the warning by means of such tools. Any tampering with the warning's default dismissal behavior (waiting 5 seconds until dismissal button is automatically enabled and clicking on dismiss button) will be considered an incident and will be tracked.

    Table 1: Warning Processor Configuration Parameters

    Parameter

    Type

    Default Value

    Description

    Basic

    Processor Enabled

    Boolean

    True

    Whether traffic should be passed through this processor.

    Advanced

    Default Warning Message

    String

    "Your connection has been detected performing suspicious activity. Your traffic is now being monitored."

    The default message to use in the warning dialog. This can be defined on a session by session basis, but if no explicit value is assigned to the warning, this value will be used.

    Default Warning Title

    String

    Security Warning

    The default title to use in the warning dialog. This can be defined on a session by session basis, but if no explicit value is assigned to the warning, this value will be used.

    Dismissal Delay

    Integer

    10 Seconds

    The amount of time in seconds that must elapse before the warning can be dismissed. This is a soft limit, as an experienced user might be able to get around enforcement measures.

    Dismissal Resource

    Configurable

    Random

    The information needed to define the URL and response used to dismiss a warning.

    Warning Directory

    String

    Random

    The name of the directory where the warning Javascript and css code will be served from. For example: warningcode.

    Incident: Warning Code Tampering

    Boolean

    True

    The user has attempted to dismiss the warning without waiting the delay and using the provided mechanism. This is probably an attack on the warning system.

    Published: 2015-02-04