ASM policy doesn't block metacharacters in paramters name and value

Question

I have ASM policy in blocking mode for a VS rules are as below:&nbsp;
parameters allowed wildcard *, Value or Name Meta characters are now allowed only space and : allowed in value not parameter nameunder  Application Security : Blocking : Settings Illegal meta character in parameter name and Illegal meta character in value both are blockingurl allowed wildcard /page1*
when I test url parameters to check if the policy works correctly:&nbsp;
/page1?a=

rob_carr · Answer

You've indicated that test requests with &nbsp;

amr_esmat_24704 · Answer

No violations triggered, I also changed settings under blocking to alarm or block but the request passes with no violation or block triggered&nbsp;
Version BIG-IP 11.6.3 Build 0.0.3 Final &nbsp;

ido_breger_3805 · Answer

Hi,
Is staging enabled for that parameter?&nbsp;

samstep · Answer

Make sure Staging is switched off. &nbsp;

rob_carr · Answer

Violations against a parameter in staging will not trigger blocking behavior - also true for file types and URLs. Take the parameter out of staging, re-run the test and I would not be surprised if you see blocking behavior.

Forum Discussion

ASM policy doesn't block metacharacters in paramters name and value

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

Metacharacters and JSON parameters

paramter for get_performance_graph_csv_statistics

Changing all paramters to global

Hi how do i remove paramter and random value from url?

I am trying to pick out a string of a decrypted JSON web token to set some paramters in it as variables that i can later use to refer in a custom HTTP header. So, the sample token i have is

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS