Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Sep 03, 2020

Header Based content profile

If i have form with Content-Type: multipart/form-data; boundary ................ that require file upload , when any file attached it is give attack signature detect. i have tried to add some ch...
ASM Advanced WAF
devops
security
Lidev's avatar
Lidev
Icon for Nacreous rankNacreous
Sep 08, 2020

If the violation raised by ASM is "arp execution" it's because ASM has revealed during the analysis of the request certain elements which make it think of a command execution attack.

If you think it's a false positive, you can disable the signature attack on the item (url/parameter) that raised the violation.

 

You cannot see in detail what analysis and performed by the ASM on signature attacks, these elements are protected so that we cannot bypass this security part.

 

Adding the server technologies used by your servers in the ASM policy can indeed at first glance limit false positives

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Sep 08, 2020

so since "arp execution" is related to linux , and in server technologies linux not there , so i can remove linux attack signture from this policy right?