Forum Discussion
Jonathan_c
Cirrus
CirrusHelp with ASM URL wildcard syntax
Hi, I need to create a URL whitelist for a directory structure such as this: /constant-name/constant-name/any-name/any-name/.../.../*.css /constant-name/constant-name/any-name/any-name/.../.../*.p...
Thanks Nikoolayy1 ,
I did not use positional parameters before , it is very useful option to use.
Nikoolayy1
MVP
MVPYup after that you can make the parameter static/dynamic or enable/dissable attack signatures for it like any other normal patameter as Jonathan_c example's is as command injection attack maybe for the URL this is not detected and if after using positional parameters still this is not blocked then the attack signatures need to be checked if the correct one is present and enforced (not in staging). The command injection signature can be enforced only for the positional parameter if it causes false postives in other places.
Nikoolayy1
yes as you said , I know that there is an Attack signature preventing ping executions.
but sometimes I test to inject such these codes in urls but it does not be blocked be blocked because it matches attack pattern ,
such as this Example " https://shoping.com/index/curl -v 10.20.20.20/items/.....
Curl should be Blocked because it matches with attack signature and i am sure it is enforced.
whereas when writing this " https://shoping.com/index/<script>/items/....." it is blocked because it matches with XSS signature pattern.
But , in any case this request " https://shoping.com/index/curl -v 10.20.20.20/items/....."should be blocked because it violates http protocol compliance.
> I think the command execusion differs from XXS from Attack signature Patterns perspective ,
I think command execustion will be blocked if it get an output from backend server.
This is my thought , I will be happy if you correct me.
Thanks Nikoolayy1