WTD web action to POST is not working properly when target server only allows POST method.
Originally Published: 2015-08-24
Article Number
Applies To
RSA Product/Service Type: Silvertail
RSA Version/Condition: All versions that support 'web' action.
Platform: Linux
Platform (Other): null
O/S Version: Red Hat Enterprise Linux 6.x
Product Name: Silvertail
Product Description: Web Threat Detection
Issue
When the web action is used in rules before SilverTail/Web Threat Detection will POST the data a GET must first be preformed once to create the {webaction}_cookies.txt file under /var/opt/silvertail/etc/conf.d/ActionServer-*/ path. As long as that file exists then another GET will not be sent to the target server. If the {webaction}_cookies.txt is removed or renamed another GET request will be sent the next time that action is triggered before data can be POST to the target server.
Target servers will some times be locked down to only receive POST actions. If this is the case the target server will either ignore the request or respond with a 405.
Syslog example:
Jun 30 15:45:12 WTD4622 actionserver.py[44439]:Action Folder Watcher:INFO:GET request to http://webserver.test.gdc-rsa.net/POST_test/unprotected
Jun 30 15:45:12 WTD4622 actionserver.py[44439]:Action Folder Watcher:CRITICAL:HTTP Error updating cookie for URL "http://webserver.test.gdc-rsa.net/POST_test/unprotected", 405
Syslog example when a GET is allowed before POST action:
Jul 2 19:52:53 WTD51 actionserver.py[64472]:Action Folder Watcher:INFO:GET request to http://webserver.test.gdc-rsa.net/POST_test/unprotected
Jul 2 19:52:53 WTD51 actionserver.py[64472]:Action Folder Watcher:INFO:POST request to http://webserver.test.gdc-rsa.net/POST_test/unprotected with params balFlag=flag&BA=page&Timestamp=2015-07-03+01%3A52%3A37.041&Rule=Protected_site_POST_test_unprotected&EngineContext=Mitigator&handler=web&User=Not+Available&IP=192.168.107.55&Date=Fri+Jul++3+01%3A52%3A37+2015&BaValue=%2F&Page=%2F
Cause
Resolution
Workaround
Related Articles
PASSCODE slow to appear in post dial terminal window after end user enters username (and domain name depending on the conf… Number of Views ACM-100162 || PV_USER_ALL_ACCESS view does not include custom attributes post 7.1.1 installation Number of Views RSA Identity Governance and Lifecycle IDC Unification is slow in "Step 8/10: Post-Processing: Populate Role Metrics" after… Number of Views RSA Governance & Lifecycle SAP Connector Datasheet Number of Views Intermittent failure of AA to post challenge questions. Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
