Forum Discussion
snoonanCLG
Nimbostratus
NimbostratusCMS causing False Positives
Hello, I am recently seeing many false positives relating to CMS (Kentico EMS) on one of my F5 ASM policies. As it is CMS and marketing department would be editing web sites etc. we are seeing m...
When protecting a CMS this is a common theme.
What I have done previously is, if possible, to identify the legitimite users and whitelist or unblock request coming from them.
It is also important to configure the correct content types on the URL's. You will propably have a bunch of URL's which are being used to upload content. The URL's should be defined in the policy and under header based content profiles, set to not do anything with the request body. This is the single biggest reason for false positives.
You might also encounter parts for the application which simply cannot be passed correctly by AWAF/ASM and you will be forced to disable the security. This is just a fact of life. You then need to think of alternatives to compensate for this gap.
Hope it makes sense 😄
lnxgeek
MVP
MVPWhen protecting a CMS this is a common theme.
What I have done previously is, if possible, to identify the legitimite users and whitelist or unblock request coming from them.
It is also important to configure the correct content types on the URL's. You will propably have a bunch of URL's which are being used to upload content. The URL's should be defined in the policy and under header based content profiles, set to not do anything with the request body. This is the single biggest reason for false positives.
You might also encounter parts for the application which simply cannot be passed correctly by AWAF/ASM and you will be forced to disable the security. This is just a fact of life. You then need to think of alternatives to compensate for this gap.
Hope it makes sense 😄