Forum Discussion
NimbostratusASM is detecting sql injection but still i am able to launch attack
Hi,
I am just working on my ASM lab via PHPauction web site. after putting ASM in block mode ,Sql Injection attack is detecting but still I am able to launch attack. I mean when I am entering ' or 1=1 in username , it is detecting as an attack but after pressing "back to menu" button, I am able to enter with that anonymous user and can edit user's profile . ideally it should not happen.not able to understand why it is happening? in event logs, not showing any violation or attack.
Jad_Tabbara__J1Cirrostratus
Hello Harry,
First what version are you running ?
Could you verify following :
1) In the "Blocking Settings" page, column "Block" for "Attack Signatures" must be check. Could you take a screen shot of this menu ? I want to know which "Signature Set Name" are activated.
2) Also you must enforce "Attack Signatures" or uncheck the "Enable Signature Staging" if not already done.
After that if your policy is in blocking mode it will block Attack Signatures.
FYI, in general to block an entity you must have followings :
- Policy in "Blocking Mode"
- the specific "Entity" Enforced (not in Staging mode)
- in the "Blocking settings the column "Block" is check
Hope it helps,
Give us a feedback
Regards
Harry1yes . block mode is enable. also disabled staging . I have also attached the screenshots .
- Harry1
finally resolved. need to work on learning suggestions carefully and now PHPAUCTION is secured fully.