hi all,I enabled all the XSS signatures and all signatures are state no staging.why the asm don't block this : <script>alert("attack")</script>It match to some Attack Signature ID : 200101609 , 200001088, 200000098, 200001475Here is state of signature ID 200001475Thanks.

its difficult to help you without seeing Request & Responce header... Good to open support case if you find issue..

Looks like you have not configure WAF policy properly or this attack signature may be not inheritted from Parent Profile. please check and adjust accordingly. Thanks

Hi Samir,Could you share me some suggestion to check it.

did that <script>..... come in server response or client request?asm wont block it if it comes from server response.

It's client request, and asm has score 4 for event log this.

Forum Discussion

hoangnv

Nimbostratus

Nov 14, 2024

ASM don't block attack XSS

hi all,

I enabled all the XSS signatures and all signatures are state no staging.

why the asm don't block this : <script>alert("attack")</script>

It match to some Attack Signature ID : 200101609 , 200001088, 200000098, 200001475

Here is state of signature ID 200001475

Thanks.

5 Replies

Samir
MVP
Nov 14, 2024
Looks like you have not configure WAF policy properly or this attack signature may be not inheritted from Parent Profile. please check and adjust accordingly.

Thanks
- hoangnv
  Nimbostratus
  Nov 14, 2024
  Hi Samir,
  Could you share me some suggestion to check it.
zamroni777
MVP
Nov 14, 2024
did that <script>..... come in server response or client request?
asm wont block it if it comes from server response.
- hoangnv
  Nimbostratus
  Nov 14, 2024
  It's client request, and asm has score 4 for event log this.
Samir
MVP
Nov 14, 2024
its difficult to help you without seeing Request & Responce header... Good to open support case if you find issue..