While the Risk plug-ins serve as adapter for a particular detection technology, the Action plug-ins provide mitigating actions in case of malicious HTTP requests. In nevisDetect, two Action plug-ins provide mitigating actions within the Nevis Security Suite.
The NevisProxyActionPlugin provides the following actions concerning the HTTP request processing of nevisProxy:
- PASSTHTROUGH: nevisProxy forwards the request to the application. By adding some special HTTP headers to the request, the application is informed and can react accordingly.
- AUTHENTICATE: nevisProxy terminates the authenticated session. The user has to log in and authenticate again.
- BLOCK: nevisProxy blocks the request of the user.
With the NevisAuthActionPlugin, the login process of nevisAuth can be influenced:
- STEPUP: nevisAuth executes an additional AuthState, depending on the configuration of nevisAuth. Consider the following example: The user is authenticating with a password. If nevisAuth receives the action STEPUP, it will execute an additional Challenge/Response AuthState, thus making the login of the user more secure.
- DENY: nevisAuth denies the login attempt of the user.
Custom Action plug-ins
By the Action plug-in concept within nevisDetect, it is possible to integrate any third party system with nevisDetect. This is done by implementing the Action plug-in interface of nevisDetect.