Solved

HTTP Header Profiles and comma separation

  • 19 September 2023
  • 9 replies
  • 35 views

Badge +3

Hello, 

Has anyone had issues using comma separation in the referrer field of an HTTP request header? I attempted to use more than one URL comma separating them in the same field per NetSkope documentation, but it broke the URL that was already there and didn't work for the new one. I tried different variations with no luck. I had to create a new header profile for one url.. 

 

Any one else?

icon

Best answer by sshiflett 18 October 2023, 20:01

View original

9 replies

Userlevel 6
Badge +16

Hello @Natedog0024,

Apologies for the delayed response to this query.   I see this may have been addressed in a support case and a workaround in the interim is to use separate entries:


It looks like a release date for the fix is in the works but did this workaround resolve the issue in the interim? 




Badge +3

Hello @sshiflett - I am still working through this with support. They haven't confirmed it's a bug yet although I suspect that is where we will end up.

 

Separate entries in the same HTTP header profile will not work because as the documentation states, those will be AND'd together so what you have in your screenshot will be evaluated as test2.com AND test.com where I need test2.com OR test.com.

Thanks, Nate

Userlevel 6
Badge +16

I believe the individual fields are ANDed together but multiple entries for the same field are ORed:

 


If this is not the behavior you're observing please let me know so I can investigate further.  Expanding on the previous example:

 


This should function as HOST of samshiflett.com and REFERER (test.com OR test2.com).  

 




 

Badge +3

I made the change and will get back to you once I can have a user test. For clarification, can you let me know what this means in your documentation?

 

This and the grey text in the text box made me think it was CSV?

  1. Select an attribute from the dropdown and enter a value for the custom field. You can configure the following attributes for the field:
    • Regex: Enter the regular expressions you want to match against.
    • Exact Match: Enter the values you want to match against, separated by commas.
    • Numerical: Select an operator and enter the numerical values you want to match against.

    https://docs.netskope.com/en/netskope-help/data-security/real-time-protection/profiles/http-header-profile/

Userlevel 6
Badge +16

@Natedog0024 ,

By design it should be a comma separated list that can be in a single entry per header field which is referenced in the documentation.   So your initial understanding is accurate however it appears that there is an issue with this at the moment so the separate entries are a workaround until a fix can be deployed.  I have placed a note in your support case requesting info on the fix and timeline for the comma separated functionality.  This note is internal only so you may not see a ticket update come through. 

Badge +3

Hello,

Testing to see if this works or not. Just awaiting users to hit the RTP for that use case.

Nate

Badge

How did this approach work out?  We're experiencing the same issue.

Badge +3

@mgl-agarcia The workaround provided did work for us. So instead of comma separated values you just click the plus sign and add separate values that way for each field. 

 

 

Badge

Cool, thanks!

Reply