The input controls at the top of this page are described here: Policies & Rules Entry Administration. Specific editing of a Session Flow Control entry is described below.

Overview

The Session Flow Control module blocks hostile activity based on defined sequences of session flow.

Threat actors usually behave quite differently than legitimate users. For speed and efficiency, they tend to deviate from normal patterns of activity. The Session Flow Control capabilities of Curiefense allow you to define the expected patterns of behavior, and block access attempts that deviate from them.

For example, when a legitimate user attempts to log into a web application, the initial access of the login page will generate a GET request. Subsequently, a POST request will arrive with the login credentials.

However, a hostile bot that's attempting a credential stuffing attack has no need to issue a GET, and often, will not bother to do so. Therefore, if a POST request arrives that was not preceded by a GET, this is anomalous behavior, and Curiefense can block it.

Flow Control Parameters

Flow Control Sequence

These parameters define the sequence of requests that will be enforced. The sequence consists of several sequence sections. They must be fulfilled in the order defined here.

By default, a new sequence contains two sections. Additional sections can be added by selecting the "Create new sequence section" button.

Parameters for each Sequence Section

A request will fulfill this Sequence Section if it matches all of these parameters:

• The HTTP method specified in Method

• The domain or host specified in Host

• The path specified in Path

• And the optional parameters, if any. Optional parameters can be added by selecting the "+" button; each parameter includes matching characteristics for a header, cookie, or argument.