Forum Discussion

Jesse_42915's avatar
Jesse_42915
Icon for Nimbostratus rankNimbostratus
Dec 27, 2011

Disable specific ASM attack signatures on specific URL?

I'm trying to disable some ASM attack signatures on a specific URL only, and not for the entire policy. Is that possible?     I'm running v 10.2.3  
app sec
BIG-IP Access Policy Manager (APM)
security
Jesse_42915's avatar
Jesse_42915
Icon for Nimbostratus rankNimbostratus
Dec 28, 2011
Posted By hoolio on 12/27/2011 03:29 PM

 

What type of attack sigs do you want to disable? Once you define the specific URL in the policy, you shouldn't have any URL attack signatures applied to the URL as it's been explicitly defined.

 

 

You can disable attack sigs on a specific URL's parameters by defining the URL, creating a * wildcard parameter on that URL and unchecking 'Check attack signatures on this parameter'.

 

 

Aaron

 

Thanks to both of you for the reply's.

 

 

I have disabled some attack signatures on the parameters as you described, and that seems to work well if there is a parameter to deal with. But what if there is not specific paramater?

 

 

 

For example, I've got some blocking from Signature ID 200002279 - SQL-INJ "delete from" (Headers). In this example, it isn't a parameter that is being enter that is causing the issue. How would I disable that signature on a specific url?