Forum Discussion
Help with ASM URL wildcard syntax
I also wasn't aware of the positional parameters, it looks helpful but I don't see how it can help in this scenario.
for example, if I'll create a URL with positional parameters like this:
Won't it will still allow a code injection where the wildcard is (marked red)?
Also, does this wildcard accepect one path level or any number of subfolders?
Anyway, I understand I'll need to add several more attack signatures in order to cover all bases.
Thank you Nikoolay and Mohamed for your inputs, they really helped me.
- Nikoolayy1Nov 08, 2022MVP
Better read an play/test with positional parameters to get the idea as they can work with wildcards or as wildcards (you will have to talk with your developers to get the idea how to configure the parameters) and then see if the command injections is detected and if not as I mentioned then maybe you have not added a signature set and/or enforced the correct signature.
That is my opinion and the input I can provide.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com