For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dan_Markhasin_1's avatar
Dan_Markhasin_1
Icon for Nimbostratus rankNimbostratus
Oct 26, 2015

Apply ASM attack signatures to URLs?

Hi,   Is it possible to apply ASM attack signatures detection to URLs? This is the scenario I am trying to solve:   1) Assume we have a RESTFul web service that returns user details given a use...
ASM Advanced WAF
security
Tim_K_92675's avatar
Tim_K_92675
Icon for Cirrostratus rankCirrostratus
Oct 26, 2015

Ok, so I think I was able to replicate what you're seeing.

 

My guess is the ASM engine does not see a GET request for '%20OR%201=1%20-- as illegal because the SQL Injection-like character set is not contained after a question mark signifying the query string portion of a URI. I can get the SQL Injection signature block by doing something like this:

 

https://f5testdmzqa.rjf.com/?' OR 1=1 --

 

...as well as including a query string key/value pair like:

 

https://f5testdmzqa.rjf.com/?user=me' OR 1=1 --