ASM don't block XSS

Question

hi all,why the asm don't block this : "&lt;/script&gt;&lt;script&gt;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()&lt;/script&gt;"&gt;&lt;script&gt;alert(150)&lt;/script&gt;&amp;arguments=-N2019,-A,-N325,-N0"all the XSS signature are enabled and i see in the security logs that there is some XSS attacks that get blocked.

erik_novak · Answer

That string should trigger an attack signature violation. On my system, the attack signature ID is 200001475.  Do you see that signature in your event log and is it possible that the signature is in staging?

glasering · Answer

it's not in staging.i don't see it in the log.i had some override on different URL and i deleted it and still no block.what am i missing?

erik_novak · Answer

How is that string being passed to the application? Is it via form input? Does that form input have parameters which are defined in the policy? If so, are XSS attack signatures applied to the parameter, and is the parameter enforced or in staging? Also, verify that the request is passing through the virtual server.  It's possible that random tags, such as your first &lt;/script&gt; example are not perceived as threats because a closing tag such as that, by itself, is not a threat.

glasering · Answer

Thank you Erik,I found my missed configuration on the parameter.&nbsp;

Forum Discussion

ASM don't block XSS

Recent Discussions

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

SSL bridging without SSL proxy forward

Related Content

Block IP after a number of ASM Blocks

ASM block page for use with API waf policy

Can't upload msg file - ASM block

ASM blocked page redirect

ASM blocked request contains & (ampersand) symbol in parameter value

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS