Alex_f5
Altostratus
Oct 17, 2018
ASM allowed URLs with header based content
Hello community,
I would like to get my ideas clear about the allowed URLs in the ASM ... I do have an ASM policy which is still in staging but I have found some violations in JSON posts that are fa...
cjunior
Nacreous
Oct 19, 2018
Hi,
Just to comment, you intend to mitigate violations on URLs that start with "/web/dataset/", right? Considering that all violations are disabled/mitigated on the JSON profile, I may suggest you only change the "Content-Type" value to "*json*". I can't see when JSON objects would be posted without a "json" declared content type. In case it is possible, it should go to the global wildcard treatment while you don't set all possibilities on your URL object header-based conditions.
Just a reminder: wildcards are processed from more specific to less specific. You can check/set this in the menu "Security > Application Security > URL > Wildcards Order".
Anyway, it could be my approach.
Regards.
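An added example, not part of the original posts and not F5 code: a small Python model of the matching the reply describes, showing why a "*json*" header value catches Content-Type variants that an exact value misses, and how wildcard URL order decides which entry handles a request. Assumptions: shell-style globbing via `fnmatch`, lower-cased header comparison, the constructed rule tables and request path, and that a request matching a URL entry but none of its header rules gets that entry's default handling.

```python
from fnmatch import fnmatchcase

# Constructed model (assumption, not ASM internals). URL entries are listed in
# "Wildcards Order": most specific first. Each entry carries header-based
# content rules (header name, value pattern, body handling), checked in order.
DEFAULT_HANDLING = "apply value and content signatures"

URL_ORDER = [
    ("/web/dataset/*", [("content-type", "*json*", "json profile")]),
    ("*", [("content-type", "*form*", "form data"),
           ("content-type", "*json*", "json profile"),
           ("content-type", "*xml*", "xml profile")]),
]

# Same URL entry, but with an exact header value instead of a wildcard.
EXACT_ORDER = [
    ("/web/dataset/*", [("content-type", "application/json", "json profile")]),
]


def resolve(path, headers, url_order=URL_ORDER):
    """Return (matched URL entry, body handling) for one request."""
    hdrs = {k.lower(): v.lower() for k, v in headers.items()}
    for url_pattern, rules in url_order:
        if not fnmatchcase(path, url_pattern):
            continue  # try the next, less specific, URL entry
        for name, value_pattern, handling in rules:
            if name in hdrs and fnmatchcase(hdrs[name], value_pattern):
                return url_pattern, handling
        # URL matched but no header rule did: the entry's default row applies.
        return url_pattern, DEFAULT_HANDLING
    return None, DEFAULT_HANDLING


if __name__ == "__main__":
    # Constructed sample requests: (path, headers).
    samples = [
        ("/web/dataset/call", {"Content-Type": "application/json; charset=UTF-8"}),
        ("/web/dataset/call", {"Content-Type": "text/plain"}),
        ("/other", {"Content-Type": "application/xml"}),
    ]
    for path, headers in samples:
        print(path, headers, "wildcard:", resolve(path, headers),
              "exact:", resolve(path, headers, EXACT_ORDER))
```
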