

Hussein_Ghazy
Nov 11, 2014

Bypassing ASM measures to allow a vulnerability Scanners

Hi All,

The websites are protected with ASM policies and we are planning to start doing frequent PenTesting.

I will add the IP address of the PenTester to the IP Address Exception under each ASM policy, enable "Never Block This IP Address", and enable 2 more of the options (Ignore in Anomaly Detection, and Ignore IP Address Intelligence).

I think now the PenTesting can start with no blocking from the ASM policy?

Thanks in Advance

Regards

Hussein

 

4 Replies

  • You might find this iRule handy 🙂

    when HTTP_CLASS_SELECTED {

        # Disable ASM if the client is on a specific network address range
        if { [IP::addr [IP::client_addr]/32 equals x.x.x.x] } {
            ASM::disable
        } elseif { [IP::addr [IP::client_addr]/26 equals x.x.x.x] } {
            ASM::disable
        } else {
            ASM::enable
        }

        # Save a copy of the URI in lowercase for multiple tests
        set test_uri [string tolower [HTTP::uri]]

        # Disable ASM for specific URIs
        # (note: the ASM::enable branch here overrides the address-based decision above)
        if { $test_uri contains "/upload" } {
            ASM::disable
        } elseif { $test_uri contains "/test" } {
            ASM::disable
        } elseif { $test_uri contains "/microsoft" } {
            ASM::disable
        } else {
            ASM::enable
        }

        # If the method is POST, bypass ASM
        # (note: this applies to every POST request, regardless of source address)
        if { [HTTP::method] eq "POST" } {
            ASM::disable
        }
    }
    
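    A tighter variant of the same bypass, added here as an example and not part of the original reply: it scopes ASM::disable to scanner source addresses held in an address-type data group (the name scanner_sources is an assumption) and logs every bypassed request so the exception is auditable. It assumes a BIG-IP version in which ASM::disable is valid in HTTP_REQUEST (11.4 or later); on older versions use HTTP_CLASS_SELECTED as in the reply above.

```tcl
# Added example (not from the original reply). Bypass ASM only for scanner
# source addresses listed in an address-type data group, and log each bypass.
# Assumption: an address-type data group named "scanner_sources" exists and
# contains only the scanner's address(es).
when HTTP_REQUEST {
    # class match returns 1 when the client address is in the data group
    if { [class match [IP::client_addr] equals scanner_sources] } {
        ASM::disable
        # Audit trail: record who bypassed ASM and what they requested
        log local0. "ASM bypass for scanner [IP::client_addr] -> [HTTP::method] [HTTP::host][HTTP::uri]"
    } else {
        # Every other client is inspected by the ASM policy as usual
        ASM::enable
    }
}
```

    Because the bypass is keyed only on the source address, removing the scanner's entry from the data group after the engagement restores full inspection without editing the iRule.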
  • Hi David,

    Thanks for the iRule, that is another option I can use.

    However, can the IP Address Exception do the same function (not block the vulnerability scanner from scanning the web servers)?

    Regards

    Hussein