ASM SQL injection action changed based on source ip location

Question

Hello,&nbsp;We have a ASM case being reported in which the SQL injection is being blocked in general but the same signature is only results in an alert when the traffic is incoming from a particular source country. &nbsp;Has anyone seen this behavior, I don't think we have manually configured any such behavior so its really strange to even hear of this.

erik_novak · Answer

Can you confirm that no Geolocation protection is enabled and that there are no IP address exceptions configured for that particular range of IP addresses?

david_m · Answer

Yes I double checked we have not configured such exceptions or using geo locations.

Also I think the problem is a different one, they just reported it this way but that's not what's happening so I guess this thread can just stop here for now..

Forum Discussion

ASM SQL injection action changed based on source ip location

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

WAF evasion techniques for Command Injection

AI Security : Prompt Injection and Insecure Output Handling.

Serverside SNI injection iRule

Mitigating OWASP Web Application Risk: Injection exploits using F5 Distributed Cloud Platform

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS