Use the Request Filter

We strongly recommended that you have a secure firewall in place to protect the public site. If for some reason you do not have a firewall, you can use the request filter included with the Patron Edge Online to provide some level of protection against malicious activity. This activity can include overloading due to an excessive amount of user requests, which can occur as the result of a malicious attack or a site survey by web crawlers.

The request filter uses heuristic rules with user-defined parameters to identify requests that may have originated from malicious sources. If user requests are identified as threats, they can be redirected or denied.

When enabled, the request filter checks the following specific items by default:

• The “User-Agent” field in the HTTP header of each request is checked.

Note: To unlock the user, access the record again and clear the Lock checkbox.

• The number of Patron Edge Online sessions initiated by the source IP address is monitored to determine if it exceeds the defined limit. Sessions from a single source that exceed the defined limit are often identified as flood attacks, which are intended to overload the site.

You can also specify IP addresses to block or allow. The request filter then manages the lists of IP

addresses, which are used to ensure malicious requests are denied and legitimate requests are allowed.

Any address on the blocked IP address list is denied access to the websites. Any IP address that originates a flood attack is automatically added to this list. Any address on the allowed IP address list is always granted access.You can manually add or remove addresses from either list as needed.

Enable or disable the request filter

1. On the Patron Edge Online administration site, at the top of the screen, click Monitor.

2. On the navigation bar, select System Status, Request Filter Status. The Request Filter Status screen appears.

3. To enable the request filter, on the toolbar, click Settings. The Request Filter Configuration screen appears.

4. To enable the request filter, mark Enable. To disable the request filter, revisit this screen and clear the checkbox.

5. In the Clear Interval [] minutes fields, enter the number of minutes that should pass between clearings. For example, if you enter “15,” the blocked and allowed IP address lists are cleared of expired items every 15 minutes.

6. Click OK to return to the Request Filter Status screen.

Configure the request filter

This procedure provides information about configuring parameters for the default action that occurs when specific requests are identified.

1. On the Patron Edge Online administration site, at the top of the screen, click Administration.

2. On the navigation bar, select System Setup, Request Filter. The Request Filter screen appears.

3. To specify the action that occurs when a user request is identified as a threat, double-click the Default action row. The Edit Record screen appears.

4. In the Value field, to adjust the parameters for the default action, enter a duration of time during which all requests from the same IP address will be denied and designate an address where the requests will be redirected.

The default format of the value is:

blockTime=<duration>|goto=<address>

The <duration> is the period of time, specified in seconds, during which all requests from the same IP address will be denied. Replace the word “duration” with the number of seconds. The

<address> is the resource to which the request will be redirected. Replace the word “address”

with the address of the page where the request will be redirected.

5. Click OK to return to the Request Filter screen.

6. To designate individual redirection addresses for specific users identified by the User-agent field in the respective HTTP header, double-click the UserAgent row. The Edit Record screen appears.

7. In the Value field, enter the specific user-agent to block and the corresponding redirection address.

The default format of the value is:

agent=<user-agent>|goto=<goto addr>;...

The <user-agent> segment is where you specify the user to block. Retain the brackets and replace “user-agent” with the value of the User-Agent field as it appears in the HTTP header of a request. The <goto addr> is the resource to which the request will be redirected. Replace the

“goto addr” with the address of the page where the request will be redirected. To enter multiple user-agents in the Value field, separate the entries with a semi-colon.

8. Click OK to return to the request filter screen.

9. To specify the maximum number of sessions allowed per IP address in a given time period, double-click the Sessions/IP row. The Edit Record screen appears.

10. In the Value field, you enter the specific number of sessions allowed in the specified time.

The default format of the value is:

sessions=<no. of sessions>|seconds=<no. of seconds>

The <no. of sessions> segment is where you specify the maximum number of sessions to allow during the specified time. Replace “no. of sessions” with the maximum number of sessions to allow. The <no. of seconds> segment is where you specify the amount of time (in seconds) that requests will be allowed.

11. Click OK to return to the request filter screen.

12. To enter IP addresses that should be permanently blocked, double-click the IPDeny row. The Edit Record screen appears.

13. In the Value field, enter specific IP addresses to block. When entering IP addresses to block, use the IP1;...;IPn format. If you enter multiple addresses, separate them with a semi-colon.

The addresses you enter here are added to the Blocked IP addresses list, with the expiration date set to 00:00:00. To adjust the expiration date, access the list and make your changes. For

information about how to adjust the expiration date, see “Manage the blocked and allowed IP addresses list” on page 30.

14. Click OK to return to the request filter screen.

15. To enter IP addresses that should be permanently allowed, double-click the IPAllow row. The Edit Record screen appears.

16. In the Value field, you enter specific IP addresses to allow. When entering IP addresses to allow, use the IP1;...;IPn format. If you enter multiple addresses, separate them with a semi-colon.

The addresses you enter here are added to the Allowed IP addresses list, with the expiration date set to 00:00:00. To adjust the expiration date, access this list and make your changes. For

information about how to adjust the expiration date, see “Manage the blocked and allowed IP addresses list” on page 30.

17. Click OK to return to the request filter screen.

18. To configure the time interval in which the blocked and allowed IP address lists are cleared of expired items, double-click the ClearInterval row. The Edit Record screen appears.

19. In the Value field, enter the number of minutes that should pass between clearings. For

example, if you enter “15,” the blocked and allowed IP address lists are cleared of expired items every 15 minutes.

20. Click OK to return to the request filter screen.

Manage the blocked and allowed IP addresses list

This procedure provides information about viewing blocked and allowed IP addresses and adding, removing, and setting the expiration date for blocked and allowed status.

1. On the Patron Edge Online administration site, at the top of the screen, click Monitor.

2. On the navigation bar, select System Status, Request Filter Status. The Request Filter Status screen appears displaying the blocked and allowed IP addresses.

3. To add a new IP address to the list, on the toolbar, click Add new entry. The IP Entry screen appears.

4. Mark either Deny or Allow as the type. In the Details sections, enter the IP address and

expiration date. After the expiration date, a blocked address is no longer blocked and an allowed address is no longer permanently allowed. Click OK to add the address to the list and return to Request Filter Status screen.

5. To edit the expiration date for the blocked/allowed status of an IP address, select the address in the list and click the Edit entry on the toolbar. The IP Entry screen appears.

6. To adjust the expiration date, enter the new date in the Until field or click the calendar and select a date. Once you make changes, click OK to record the new date and return to the request filter status screen.

7. To delete an address from the list, select the address and on the toolbar, click Delete entry.