How could I exclude Vulnerability scanners from Session Tracking?
- Jan 10, 2017
Is it bad form to answer my own question?
Anyhow, using logging I discovered that the violation name wasn't matching correctly. Here is a rule that I've now deployed and tested.
when ASM_REQUEST_DONE {
    if {([ASM::violation names] contains "SESSION_AWARENESS" && [ASM::violation count] < 2 && [IP::addr [IP::client_addr] equals n.n.n.n/m])} {
        ASM::unblock
    }
}
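The decision the iRule above makes can be modelled outside the BIG-IP to document and regression-test it. The following is an added example, not code from the thread or from F5: it re-implements the three conditions (session-awareness violation present, no second violation, client address inside a scanner range) in Python, and generalises the single n.n.n.n/m to a list of scanner networks. The network ranges and the "OTHER_VIOLATION" label are constructed placeholders.

```python
import ipaddress
from typing import Iterable, List

# Constructed allowlist of scanner source ranges; stands in for the
# single n.n.n.n/m literal in the iRule. RFC 5737 documentation addresses.
SCANNER_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.10/32"),
]

# Violation name matched by the iRule's `contains "SESSION_AWARENESS"`.
SESSION_VIOLATION = "SESSION_AWARENESS"


def is_scanner(client_ip: str, networks: Iterable[ipaddress._BaseNetwork] = SCANNER_NETWORKS) -> bool:
    """Counterpart of [IP::addr [IP::client_addr] equals n.n.n.n/m], for several ranges."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def should_unblock(violations: List[str], client_ip: str,
                   networks: Iterable[ipaddress._BaseNetwork] = SCANNER_NETWORKS) -> bool:
    """Mirror the iRule: lift the block only when session tracking is the
    *sole* violation and the request came from a known scanner address.

    `violations` plays the role of [ASM::violation names]; its length plays
    the role of [ASM::violation count]. The `< 2` test matters: a scanner
    request that also triggered a real policy violation stays blocked.
    """
    if SESSION_VIOLATION not in violations:
        return False  # not a session-tracking block at all; leave ASM's verdict alone
    if len(violations) >= 2:
        return False  # another violation is present, so the block is not a false positive
    return is_scanner(client_ip, networks)


if __name__ == "__main__":
    # Constructed cases: scanner with only the tracking violation is released,
    # scanner with an additional violation and non-scanner addresses are not.
    cases = [
        ([SESSION_VIOLATION], "192.0.2.15"),
        ([SESSION_VIOLATION, "OTHER_VIOLATION"], "192.0.2.15"),
        ([SESSION_VIOLATION], "203.0.113.5"),
    ]
    for names, ip in cases:
        print(f"{ip:>14} {names} -> unblock={should_unblock(names, ip)}")
```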
You're a genius, thanks so much. This is exactly the same issue we are having. If you don't mind, I'm going to submit this as a feature enhancement request to add this option to the IP address exception configuration. Seems like a no-brainer to me; I'm surprised it wasn't added already. You don't want legitimate vuln scanners to get blocked by session tracking: it makes the results invalid.