Forum Discussion
Character set in ASM
Hi Everyone,
I would like to know the following from experts, under Security> Application Security Tab there are following sub tabs as given below and all of them have "Character set" as sub-tab
- URL
- Parameters
- Headers
how the character set under URL, Parameter and Headers effects the traffic differently or they all are the same??
Regards,
- nathe
Cirrocumulus
Techgeeg, they work in the same way but independently of each other. By having them separate allows for more granular positive security. For example you might need to allow the ' character (single quote) for a surname parameter (to allow for names such as O'Neil) or across all parameters, but you might want to block this character in all headers or URLs.
Hope this helps,
N
- Techgeeeg
Nimbostratus
Thanks Nathan for the reply if I need to block a character set in the file name or in the user-id and password field then in this case the character set in which one of them should be allowed or blocked??? I do understand if i need to allow or block any URL i will fix it in the URL character set but what about fields.
- nathe
Cirrocumulus
the user fields should reflect a parameter name/value pair
- Techgeeeg_28888
Nimbostratus
Thanks Nathan for the reply if I need to block a character set in the file name or in the user-id and password field then in this case the character set in which one of them should be allowed or blocked??? I do understand if i need to allow or block any URL i will fix it in the URL character set but what about fields.
- nathe
Cirrocumulus
the user fields should reflect a parameter name/value pair
- Techgeeeg
Nimbostratus
Hi Nathan,
I am sorry but i was not able to get your reply... let me put my question again...
If I need to block a character set in the file name or for the user-id and password field then in this case the character set in which one
- URL
- Parameters
- Headers
of the above three should be addressed and put to allowed or blocked???
As an example .... I do understand if i need to allow or block any URL I will fix it in the URL character set.
Regards,
- nathe
Cirrocumulus
Parameters. Add the character as Allow or Disallow. To be more granular you can add an explicit parameter and do the same
- Techgeeeg_28888
Nimbostratus
Hi Nathan,
I am sorry but i was not able to get your reply... let me put my question again...
If I need to block a character set in the file name or for the user-id and password field then in this case the character set in which one
- URL
- Parameters
- Headers
of the above three should be addressed and put to allowed or blocked???
As an example .... I do understand if i need to allow or block any URL I will fix it in the URL character set.
Regards,
- nathe
Cirrocumulus
Parameters. Add the character as Allow or Disallow. To be more granular you can add an explicit parameter and do the same
- Techgeeeg
Nimbostratus
Thanks Nathan.... so what i am understanding is that for managing the input fields we have to play with the Character set under Parameters is this correct to say?
- nathe
Cirrocumulus
Yes
- Techgeeeg_28888
Nimbostratus
Thanks Nathan.... so what i am understanding is that for managing the input fields we have to play with the Character set under Parameters is this correct to say?
- nathe
Cirrocumulus
Yes
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com