Recently we have upgraded VCS Expressway from 8.8.2 to 8.10.4. we had a call policy in ur VCS-E to block unauthenticated origin with Empty source alias. it was working fine in V8.8.2. Post upgrade, All the authenticated & unauthenticated calls are getting blocked by the below Call Policy.
As per admin document, On newer versions (8.10.x/8.11) both authenticated and unauthenticated calls looked up by call policy.
also, if the source is blank in CPL, VCS newer version will treat my rule as Unauthenticated and Authenticated origin and gets blocked.
Now my objective is..
Block Unauthenticated origin with empty alias calls from internet (hackers calls with blank alias)
<!-- Deny calls from Empty Source Aliases --> <taa:rule unauthenticated-origin="" destination=".*"> <reject status="403" reason="Denied by policy1"/> </taa:rule> </taa:rule-switch> </taa:routed> </cpl>l>