Forum Discussion
ramann_75062
Nimbostratus
NimbostratusCheck only for Attack Signature
Hi@all,
I try to build a base configuration that only checks for Attack Signature.
To do this, i created a new HTTP class and in this, I select customer configuration and deselected all checks (Headers, Cookies,..) expect "Application Security" and "URI Paths" because I made a filter for /cgi-bin/*
After saving, I and open this class again, the "custermer" flag is no more selected, but the rest (deselected all checks expect "Application Security" and "URI Paths") is OK
When i now look into the reports, I looks like that all requests to /cgi-bin/ are completely checked, like:
Illegal empty parameter value Yes No No
Illegal meta character in parameter value Yes No No
Modified domain cookie(s) Yes No No
What do I wrong?
Cheers
Bjoern
PS: BIG-IP 9.4.6 Build 401.0 Final
- Hey Bjoern,
The HTTP Class filters are not the security checks which are applied - they are strictly the filtering criteria that determine which traffic is processed by which security policy.
The change what violations a specific policy is looking for try looking in the Blocking Policy - found here: "Application Security -> Web Applications -> *pick your application* -> Policy -> Blocking -> Settings".
This is the list of how the ASM will treat each violation type it sees. Simply remove the checks for Learn, Alarm, and Block for all of the violations you don't want the policy to check. =]
