Forum Discussion

Techgeeeg_28888
Aug 08, 2015

Character set in ASM

Hi Everyone,

I would like to know the following from the experts: under the Security > Application Security tab there are the following sub-tabs, as given below, and all of them have "Character set" as a sub-tab:

  1. URL
  2. Parameters
  3. Headers

How does the character set under URL, Parameters and Headers affect the traffic differently, or are they all the same?

Regards,

13 Replies

  • nathe

    Techgeeg, they work in the same way but independently of each other. Having them separate allows for more granular positive security. For example, you might need to allow the ' character (single quote) for a surname parameter (to allow for names such as O'Neil) or across all parameters, but you might want to block this character in all headers or URLs.

    Hope this helps,

    N


  • Thanks Nathan for the reply. If I need to block a character set in the file name or in the user-id and password field, then in this case the character set in which one of them should be allowed or blocked? I do understand that if I need to allow or block any URL I will fix it in the URL character set, but what about fields?

    • nathe
      The user fields should reflect a parameter name/value pair.
  • Hi Nathan,

    I am sorry but I was not able to get your reply... let me put my question again...

    If I need to block a character set in the file name or for the user-id and password field, then in this case the character set in which one

    1. URL
    2. Parameters
    3. Headers

    of the above three should be addressed and put to allowed or blocked?

    As an example... I do understand that if I need to allow or block any URL I will fix it in the URL character set.

    Regards,

    • nathe
      Parameters. Add the character as Allow or Disallow. To be more granular you can add an explicit parameter and do the same.
  • Thanks Nathan... so what I am understanding is that for managing the input fields we have to play with the Character set under Parameters. Is this correct to say?
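
The replies above describe three character sets that are enforced independently, with an explicit parameter available for finer control. A simplified Python model of that behaviour follows; it is an illustration added here, not part of the thread and not F5's code, and the policy contents, the `user_id` parameter name and the sample request are constructed assumptions:

```python
import string

ALNUM = set(string.ascii_letters + string.digits)

# Constructed policy: one independent allow list per context.
POLICY = {
    "url": ALNUM | set("/._-"),
    "parameter": ALNUM | set(" ._-@'"),   # single quote allowed (O'Neil)
    "header": ALNUM | set(" ._-/;=,:()"),
}

# Hypothetical explicit parameter: its own set replaces the global one.
EXPLICIT_PARAMETERS = {
    "user_id": ALNUM | set("._-"),        # no single quote in the login field
}


def disallowed(context, value, name=None):
    """Return the sorted characters in value that the context does not allow."""
    allowed = POLICY[context]
    if context == "parameter" and name in EXPLICIT_PARAMETERS:
        allowed = EXPLICIT_PARAMETERS[name]
    return sorted(set(value) - allowed)


def check_request(path, params, headers):
    """Check each part of a request against its own character set."""
    violations = []
    bad = disallowed("url", path)
    if bad:
        violations.append(("url", path, bad))
    for name, value in params.items():
        bad = disallowed("parameter", value, name)
        if bad:
            violations.append(("parameter", name, bad))
    for name, value in headers.items():
        bad = disallowed("header", value)
        if bad:
            violations.append(("header", name, bad))
    return violations


if __name__ == "__main__":
    # Constructed sample request.
    for v in check_request("/files/o'neil.txt",
                           {"surname": "O'Neil", "user_id": "o'neil"},
                           {"Referer": "https://example.com/o'neil"}):
        print(v)
```

The same single quote passes in `surname` under the global parameter set, while the URL, the header and the explicit `user_id` parameter each reject it under their own sets.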