Forum Discussion

GlaseRing's avatar
Icon for Nimbostratus rankNimbostratus
Aug 25, 2021

ASM don't block XSS

hi all,

why the asm don't block this : "</script><script></script>"><script>alert(150)</script>&arguments=-N2019,-A,-N325,-N0"

all the XSS signature are enabled and i see in the security logs that there is some XSS attacks that get blocked.

4 Replies

  • That string should trigger an attack signature violation. On my system, the attack signature ID is 200001475. Do you see that signature in your event log and is it possible that the signature is in staging?

  • it's not in staging.

    i don't see it in the log.

    i had some override on different URL and i deleted it and still no block.

    what am i missing?

  • How is that string being passed to the application? Is it via form input? Does that form input have parameters which are defined in the policy? If so, are XSS attack signatures applied to the parameter, and is the parameter enforced or in staging? Also, verify that the request is passing through the virtual server. It's possible that random tags, such as your first </script> example are not perceived as threats because a closing tag such as that, by itself, is not a threat.

  • Thank you Erik,

    I found my missed configuration on the parameter.