Forum Discussion
NimbostratusASM Wildcard URL
Hi, I'm working on ASM, policy is in blocking mode but we have removed block setting for illegal URL in blocking setting. Problem is even though we have wildcard url configured still we see explicit url is getting added to security policy. example : wildcard url '/abc//.htm' still I see new entries in allowed url like '/abc/india/001.htm' , '/abc/usa/002.htm', '/abc/uk/003.htm'. In policy building setting : File Types for which wildcard URLs will be configured (e.g. *.jpg) : .htm is added.
also in wildcard url : Learn Explicit Entities : Never (wildcard only).
What could be the reason for this
Thanks, Sachin
3 Replies
sachin_80710wildcard url : '/abc/*/*.htm'- sachin_80710under policy log we see below logs Type was set to explicit. Perform Staging was set to disabled. URL Name was set to /abc/usa/002.htm. Protocol was set to HTTP. Rule: Accept as Legitimate (Loosen), Untrusted traffic. Originating Device Name: asm.example.com
There is a setting called "Parameter Level". When you have this specified at "Global", the system will update the URL which matched a violation/learning suggestion, so if you have a wildcard, it will update the wildcard.
If you have this setting at "URL", the system will create a specific URL and then make the changes in the learning suggestion when it accepts a learning suggestion.
