Forum Discussion
Dave_S_183930
Nimbostratus
NimbostratusASM Signature Blocking, but not Enabled?
So I get a user ticket that says the user was blocked on the Application dir Access (\manage) signature. When I go to disable this attack signature on the parameter, it's not listed in the Global Sec...
nathe
Cirrocumulus
Cirrocumulusfirstly, that attack signature is a URI one in scope so you won't be able to assign it to a parameter.
Secondly, what I suspect is the signature is enabled and the traffic learning is just identifying that it's been triggered and you can now make an exception if required. In this case you might only be able to disable it on the policy? Or does the learning suggestion mention how to allow this, possible a URL parameter instead?
Do you see the signature in Application Security - Attack Signatures - Attack Signature List? Filter on 200000011.
Hope this helps,
N