ASM / WAF : block request containing certain string?

Question

I have added as much XSS blocking to a policy as possible. A request containing onmouseover or onclick or .... ="alert('hello')" is blocked fine.

But when it's coded like onmouseover or onclick or .... ="self['\x....... the ASM accepts this as valid.

Can I block a request with this parameter value?

How do I achieve this?

sajid · Answer

try custom attack signature Security&nbsp;››&nbsp;Options: Application Security: Attack Signatures: Attack Signatures List&nbsp;Click create and define your own pattern.&nbsp;

andréb · Answer

Hi Sajid,Your suggestion creates a "global" attack signature. And will, on creation, as I read it, be added to all the policies.We have several policies running and I don't want to mess up policies for which I'm not responsible.There is an attack signature self[] (parameter) (id 200101630) to choose from and is already added/active to the policy.But it doesn't block self['\x... ], self with HEX in it as it is added in the value part of a parameter.Maybe it's better to report it to F5 Support&nbsp;

Forum Discussion

ASM / WAF : block request containing certain string?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Knowledge sharing: Containers, Kubernetes, Openshift, F5 Container Connector, NGINX Ingress

ASM blocked request contains & (ampersand) symbol in parameter value

Scale Multi-Cluster OpenShift Deployments with F5 Container Ingress Services

Distributed caching of authentication requests with NGINX Ingress Controller

Bug ID 878641: "TLS1.3 certificate request message does not contain CAs" not fixed?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS