Block specific parameter value
Hi AHMADAD,
you say that you want to prevent sites and hostnames as parameter value. But in my opinion this is a site:
ALLOW: https://hostname/index.html?para1=name1.html
Or do you consider this a page and pages are allowed?
Could you explain what you are trying to protect or prevent with this? Are you trying to protect yourself from CSRF? There is a solution for this: K11930: Overview of the BIG-IP ASM CSRF protection feature.
However, in my opinion this rather sounds like something that should be solved at the level of the application and not in a WAF.
KR
Daniel
Hi Daniel,
Thank you for your response.
Exactly, I considered this a page and it's allowed, but I don't want users to insert sites in parameter values. I 100% agree with you that this is something that should be resolved on the application side, but I was trying to help on my end as a workaround 😉
Thanks for sharing the CSRF link. We don't want to apply this solution as we have not tested it for this specific application and it may have negative side effects.
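The application-side check discussed in this thread, as an added example that is not part of the original posts: an allowlist that accepts page names like `name1.html` for `para1` and rejects anything that looks like a site or hostname, including encoded forms. The `.html`-only pattern, the function names and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate values are single page names such as "name1.html".
# An allowlist is used instead of trying to enumerate every URL/hostname form.
PAGE_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.html")


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so double-encoded input is judged in its final form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


def is_local_page(value):
    """True only for a plain page name: no scheme, slashes, colons or extra dots."""
    try:
        value = fully_decode(value)
    except ValueError:
        return False
    return PAGE_RE.fullmatch(value) is not None


def request_allowed(url, param="para1"):
    """Validate every occurrence of the parameter, so a duplicate cannot slip through."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(param, [])
    return all(is_local_page(v) for v in values)


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        "https://hostname/index.html?para1=name1.html",
        "https://hostname/index.html?para1=https://www.example.com",
        "https://hostname/index.html?para1=www.example.com",
        "https://hostname/index.html?para1=%252f%252fwww.example.com",
        "https://hostname/index.html?para1=name1.html&para1=//www.example.com",
    ]
    for s in samples:
        print("ALLOW" if request_allowed(s) else "BLOCK", s)
```

The same allowlist pattern can be mirrored in a WAF parameter rule as a stopgap, but the application remains the place where the value's meaning is known.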