Forum Discussion

natethegreat_23's avatar
natethegreat_23
Icon for Nimbostratus rankNimbostratus
Sep 19, 2016

How do you create an Attack Signature exception for one URL in a policy?

There is a SQL Injection signature that is throwing a false positive for one of the URLs in our policy. This is a high threat signature so we still want it to be in blocking, but want one URL to be exempt from it. I know that you can add URLs to the white list, but as far as I know that would white lists all traffic from them, not just one signature. Any suggestions? Thanks!

 

  • I dont believe you can.

     

    But..Create an explicit parameter and then go to its properties, under Attack Signatures tab move the offending attack signature to the Override box and select Disabled.

     

  • if what Leonardo Peralta points out doesn't work because it isn't a parameter related signature then you could run two ASM policies and disable the signature in one of them and assign that one via a local traffic policy or irule for that URI. lots of work and it doesn't scale well.