Exclusion list for HTTP Client Protections

[borek]

Hey,
i've got here little trouble. One of our customers is experimenting with Application Intelligence / HTTP Client Protections / Microsoft Internet Explorer option (more precisely Block createTextRange Overflow Vulnerability) and smart defense blocks that connection under the rule 99812 if the client connects to the specific site(s).

When he marks that option, little hint comes out:
"HTTP client is a browser software package that enables a user to view documents hosted by Web servers.
Multiple vulnerabilities have been discovered in the most popular Web browsers including Microsoft Internet Explorer, Mozilla Firefox, Netscape, Opera and more.
This class of protections prevents hackers from manipulating Web browser vulnerabilities, the most severe of which could gain the attacker complete control over the user system.
An Exclusion List has been added to the HTTP Client Protections. The Exclusion List allows you to exclude trusted Web servers from HTTP Client Protections inspection. Any server that will be configured as a Web Server will not be subjected to the HTTP Client Protections."

So if i specify the particular server as WEB Server no more controls will be done. But it doesn't work. Smart Defense is up to date.

There is nice bypass solution for Smart Defense in this thread (Malformed HTTP) but does disable entire Smart Defense check for the IP (IP range).

Any help regarding this exclusion list is more than appreciated! thanks

[chillyjim]

People keep asking for this and it's not here yet. The answer I get from one of the folks I know is to open a call with TAC, call your SE and have it pushed up to R&D to have custom inspect code written.

I've never tried it so I don't know if it will work.