Forum Discussion
NimbostratusASM Violations on a URL
Nimbostratus-
Illegal Method violation is independent of request paths. It's a policy-wide setting. Look into request logs and take note of request body. To give an arbitrary example, request in logs could be something like
. If you decide (either by yourself or after discussion with application specialists) that PUT method is required for normal application operation, you should add PUT to list of allowed methods. Again this is just an example, you need to look into logs to figure out which HTTP method caused the violation. If you don't want to see those violations in logs and you do not wish to block illegal method requests, you can go to Blocking Settings, and untick "alert" and "block" boxes next to "Illegal Method" violation, and apply changes. I recommend to keep this violation enabled, "block" box ticket at all times.PUT www.buy.com/value1 -
An Attack signature violation needs to be investigated in logs. There's zero possibility that any attack detection signature matched because you requested . Therefore the links you provided are irrelevant here. Again, you need to look into request logs and observe the signatures that were matched. Possibly the request to had a header or cookie which contained malicious data, for example, an attempt to execute Shellshock attack. Deciding on attack detection signatures is more difficult. If you trust the source, it's best to disable the attack detection signature. If not, you need to wait further and see how frequently these violations trigger, from how many different IPs and from which geographic locations those violating requests arrive, and so on. There's no rule that gives you correct answer on 100% occasions. You make a best-effort call based on the data you have/collect.
