Forum Discussion

Cirrus

Feb 15, 2019

ASM signature 200011026 different behaviour from 11.5.x to 12.x

Hello, A POST request (multipart/form-data) with png file inside is being blocked by ASM version 11.5.4 The request is having the Content-Type header badly crafted inside the body part, and then...

ASM Advanced WAF

security

rob_carr_76748

Nimbostratus

Feb 18, 2019

If you think that either a) this signature has been redefined in a way that means it is missing malicious content or b) the signature is not being processed correctly, this probably merits a support call.

Signatures can change from version to version, usually in order to make the signature more accurate.

Aurel
Cirrus
Feb 18, 2019
Hi, Indeed the code is not the same, probably more accurate matching less content and avoiding more false positive, or being covered by another signature.

I finally get a match after many tests, but on a different part on the request.
rob_carr_76748
Nimbostratus
Feb 18, 2019
That can happen sometimes, where a violation detected on a request will 'shadow' (my term) a violation that occurs later in the request. It's more common in older versions, i.e. in my recent experience ASM does better catching all violations in a request, not just stopping at the first significant issue.
rob_carr
Cirrocumulus
Feb 18, 2019
That can happen sometimes, where a violation detected on a request will 'shadow' (my term) a violation that occurs later in the request. It's more common in older versions, i.e. in my recent experience ASM does better catching all violations in a request, not just stopping at the first significant issue.
Aurel
Cirrus
Feb 18, 2019
Thanks a lot for sharing experience. :D