ASM: Wrong charset on policy, what's the impact ?

Question

Hello,&nbsp;
An UTF-8 encoding/charset application is protected by ASM, on which the policy has been set to another one : iso-8859-15.&nbsp;
I am considering to set a new policy with the proper charset on ASM, but i am being challenged about the real issues of the charset already set (iso-8859-15). I am curious about that and would like to clarify on how ASM could behave and either block "false" false positive and then finally requires permissive exceptions.&nbsp;

erik_novak · Answer

ASM must know the character set so it can evaluate requests based on the correct encoding. It checks if the byte sequence is correct for the specified application language. Attack signatures are useless if the application language is incorrect and learning suggestions would be meaningless.

erik_novak · Answer

You are better off creating a new policy with the new character set. For both UTF-8 and iso8859-15 encodings, undefined characters will be disallowed and you will get a failed to convert character violation, even if some of the lower characters have the same encoding. However, if configured with ISO-8859-8 and receiving UTF-8 data, ASM will try to understand the stream both as ISO-8859-8 and if it fails, will also try UTF-8. IF you absolutely can't change the application language, is it possible to selectively disable the attack signature being triggered?

Forum Discussion

ASM: Wrong charset on policy, what's the impact ?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

What is CWE?

Whats new in NGINX Gateway Fabric 1.2?

What's Your Mission?

Access policy, LTM policy and iRules

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 2 - Policy Import)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS