
Manage virtual patches

Virtual patches are custom, short-term rules that block HTTP requests matching specific criteria (for example, URL, parameter keys or values, and so forth) before an application can process them.

Organization Administrators and RulesAdmins can view and manage virtual patches.

To add a virtual patch:

  1. In the user menu, under Policy management, select Virtual patches.

  2. Find virtual patches by using the language filters or the search field above the grid.

  3. Click on the name of a patch to edit the rule configuration, or select Add virtual patch to add a new one.

    You can also select the Delete icon to delete a rule or use the toggles in the grid to enable or disable each environment.

  4. In the window that appears, add a Name and Description.

  5. Under Apply to, use the radio button to choose whether the rule applies to specific Applications, an Application language or an Application technology. After clicking the appropriate button, use the multiselect field that appears to further refine your choice.

  6. Under Conditions, use the dropdowns to select the conditions under which the patch should apply to the applications. Select Add another condition in a separate row, if necessary.

    When you select how the virtual patch value is applied, select one of the following options:

    • Equals

    • Contains

    • Matches (using Perl-Compatible Regular Expressions - PCRE)

    • Does not equal

    • Does not contain

    • Does not match (using Perl-Compatible Regular Expressions - PCRE)

    Both the Matches and Does not match options support Perl-Compatible Regular Expressions (PCRE). If you select either option, you can define a regular expression that matches a value in the selected field of the HTTP request.

    If the expression matches, or does not match as specified, the virtual patch is applied and the mitigation action specified in the patch configuration is taken.

    Note

    Regular expressions can be very powerful, but they can also be complex and difficult to create correctly. If you're not familiar with PCRE expressions, ask for assistance from a security expert or Contrast Security to ensure that your virtual patches are configured correctly and effectively.

    As a starting point, see the Regular expression reference, which provides some examples of what is possible with PCREs.

  7. Select Add to save the configuration.
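One way to check a Matches expression from step 6 against known-good and known-bad values before enabling the patch, as an added example that is not Contrast's code. Python's `re` module stands in for PCRE (an assumption; the syntax used here is common to both), and the `file` parameter, sample values and both patterns are constructed. This page does not say whether Matches searches within the value or must cover the whole value, so the script evaluates both and shows a pattern that behaves the same either way.

```python
import re

def condition_applies(operator, rule_value, field_value, full_match=False):
    """Evaluate one condition row (step 6 operators) against one field value."""
    if operator in ("Equals", "Does not equal"):
        hit = field_value == rule_value
    elif operator in ("Contains", "Does not contain"):
        hit = rule_value in field_value
    elif operator in ("Matches", "Does not match"):
        # Assumption: re stands in for PCRE; both search and full-match are offered.
        matcher = re.fullmatch if full_match else re.search
        hit = matcher(rule_value, field_value) is not None
    else:
        raise ValueError(f"unknown operator: {operator}")
    # Negated operators apply whenever the positive form would not.
    return not hit if operator.startswith("Does not") else hit

def check_rule(operator, rule_value, must_block, must_allow):
    """Return missed blocks and false positives under both regex semantics."""
    report = {}
    for label, full in (("search", False), ("full", True)):
        report[label] = {
            "missed": [v for v in must_block
                       if not condition_applies(operator, rule_value, v, full)],
            "false_positives": [v for v in must_allow
                                if condition_applies(operator, rule_value, v, full)],
        }
    return report

# Constructed sample values for a hypothetical "file" parameter.
MUST_BLOCK = ["../../etc/passwd", "reports/../../secret.txt", "..\\..\\win.ini"]
MUST_ALLOW = ["reports/2024/q1.pdf", "notes..txt", "archive.v1..v2.zip"]

# Unanchored: blocks legitimate names under search, blocks nothing under full match.
NAIVE = r"\.\."
# Anchored at both ends and limited to ".." as a whole path segment.
ANCHORED = r"^(?:.*[/\\])?\.\.(?:[/\\].*)?$"

if __name__ == "__main__":
    for name, pattern in (("naive", NAIVE), ("anchored", ANCHORED)):
        report = check_rule("Matches", pattern, MUST_BLOCK, MUST_ALLOW)
        for semantics, result in report.items():
            print(f"{name:9} {semantics:7} {result}")
```

An empty `missed` and `false_positives` list under both semantics is the result to aim for before the patch is enabled for an environment.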