CMS causing False Positives
- Apr 19, 2023
When protecting a CMS this is a common theme.
What I have done previously is, if possible, to identify the legitimate users and whitelist or unblock requests coming from them.
It is also important to configure the correct content types on the URLs. You will probably have a bunch of URLs which are being used to upload content. The URLs should be defined in the policy and, under header-based content profiles, set to not do anything with the request body. This is the single biggest reason for false positives.
You might also encounter parts of the application which simply cannot be passed correctly by AWAF/ASM and you will be forced to disable the security. This is just a fact of life. You then need to think of alternatives to compensate for this gap.
Hope it makes sense 😄