For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dan_Markhasin_1's avatar
Dan_Markhasin_1
Icon for Nimbostratus rankNimbostratus
Oct 26, 2015

Apply ASM attack signatures to URLs?

Hi,   Is it possible to apply ASM attack signatures detection to URLs? This is the scenario I am trying to solve:   1) Assume we have a RESTFul web service that returns user details given a use...
ASM Advanced WAF
security
Dan_Markhasin_1's avatar
Dan_Markhasin_1
Icon for Nimbostratus rankNimbostratus
Oct 26, 2015

Hi Tim,

 

The SQL Injection signatures are in fact enabled, and successfully block SQL injections if these come in the request body.

 

This is identified by ASM as a SQL Injection attack: POST to with a body that looks like: {"user":"' OR 1=1 --"}

 

This is not identified by ASM as a SQL Injection attack: GET to '%20OR%201=1%20--

 

Instead, ASM detects that the request has illegal characters in the URL - which is fine, but it means it is not applying attack signature validation to the URL itself...