HTTP Whitelist Scenario: Process
The HTTP whitelist tool monitors HTTP(S) calls in a number of steps.
The HTTP whitelist scenario helps you to monitor HTTP(S) calls in your system. Using various whitelists, you can specify which HTTP(S) calls are to be allowed and which are to be blocked. Each whitelist is assigned an HTTP context type that covers a particular type of HTTP call:
- Trusted Network Zone
- Clickjacking Framing Protection
- CSS Style Sheet
- Cross-Origin Resource Sharing (CORS)
Process
Whitelists are typically checked and edited in the following phases:
- Logging Phase: In this phase, HTTP(S) calls should only be logged. All accesses for the respective HTTP context type are logged, but are not checked yet.
- Simulation Phase: Once the log entries have been analyzed, you can enter suitable URL patterns in the corresponding whitelist and check the effects by analyzing the log results again. You can perform a simulated check to identify which calls would be blocked by an active check and which would be allowed.
- Final Phase: Once the simulation has been carried out successfully and, if necessary, the relevant whitelist has been modified, you can activate the check. Log entries should only be made for blocked accesses.
- Monitoring: Later, you should check the log entries periodically and, if necessary, modify the relevant whitelist.
You can carry out different actions in each phase:
- You specify the type of check and log entry that you want to use for the individual HTTP context types.
- Once the log results of an HTTP context type have been analyzed, you can add selected URL patterns to a whitelist or remove them from a whitelist.
- You can add a URL pattern to a no-log list if it is always to be blocked and therefore does not require a log entry.
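The three check modes and the no-log list described above, as an added model written for this page (not SAP's implementation): one whitelist object per HTTP context type, a mode that moves from logging through simulation to active checking, and a log that only receives entries the current phase calls for. The use of shell-style wildcards for URL patterns is an assumption for the example.

```python
"""Model of the HTTP whitelist phases (constructed example, not SAP code).
A whitelist holds allowed URL patterns for one HTTP context type; the mode
decides whether a call is only logged, checked in simulation, or blocked."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

LOGGING, SIMULATION, ACTIVE = "logging", "simulation", "active"


@dataclass
class ContextWhitelist:
    context_type: str                 # e.g. "CORS" or "Trusted Network Zone"
    mode: str = LOGGING               # phase the whitelist is currently in
    patterns: list = field(default_factory=list)  # allowed URL patterns (wildcards assumed)
    no_log: list = field(default_factory=list)    # always blocked, no log entry wanted
    log: list = field(default_factory=list)       # entries written so far

    def _matches(self, url: str, pattern_list: list) -> bool:
        return any(fnmatchcase(url, p) for p in pattern_list)

    def check(self, url: str) -> bool:
        """Return True if the call is allowed, False if blocked.

        Logging phase: every access is logged, nothing is checked yet.
        Simulation phase: the verdict an active check would give is logged,
        but the call still goes through.
        Active phase: only blocked accesses produce a log entry.
        """
        if self._matches(url, self.no_log):
            return False                          # blocked silently by design
        allowed = self._matches(url, self.patterns)
        if self.mode == LOGGING:
            self.log.append(f"{self.context_type}: LOGGED {url}")
            return True
        if self.mode == SIMULATION:
            verdict = "WOULD ALLOW" if allowed else "WOULD BLOCK"
            self.log.append(f"{self.context_type}: {verdict} {url}")
            return True
        if not allowed:                           # ACTIVE: log blocked calls only
            self.log.append(f"{self.context_type}: BLOCKED {url}")
        return allowed


def urls_seen(whitelist: ContextWhitelist) -> list:
    """Distinct URLs from the logging phase, the input for choosing patterns."""
    seen = [e.split(" ", 2)[2] for e in whitelist.log if " LOGGED " in e]
    return sorted(set(seen))
```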