Forum Discussion

mwitt_65218's avatar
mwitt_65218
Icon for Nimbostratus rankNimbostratus
May 19, 2009

How to disable a particular Attack Sig for a specific user-input parameter

Greetings,     I have the 416-page user manual but have had no other training, so please bear with me.     I am having problems figuring out how to disable a particular Attack Si...
app sec
BIG-IP Access Policy Manager (APM)
security
mwitt_65218's avatar
mwitt_65218
Icon for Nimbostratus rankNimbostratus
May 19, 2009
Thanks to you both for your replies, Hoolio and Ben.

 

 

I had used Global for Parameter Level for this username parameter that has a Parameter Value Type of User-Input Value.

 

 

In Parameters - Attack Signatures, I had used the << button to bring to the Overridden Security Policy Settings the SQL-INJ ROOT@ from the Global Security Policy Settings. It was Enabled when I brought it over with the << button, so I changed to disabled and clicked UPDATE. I was told by an employee that this other employee jroot@morrison.com still could not login. So then I had disabled in Attack Signatures - Policy Attack Signatures the SQL-INJ ROOT@.

 

 

I just now went to Attack Signatures - Policy Attack Signatures to click the Enabled check box for SQL-INJ ROOT@ to re-enable. I disabled this yesterday in an attempt to allow this user to login successfully, but I had a feeling that this would turn off the SQL-INJ ROOT@ for the whole policy as you have confirmed.

 

 

I just now went again to Parameters and clicked on the username parameter. I clicked on Attack Signatures. I used the >> button to remove SQL-INJ ROOT@. I then used the << button to bring again the SQL-INJ ROOT@ from the Global Security Policy Settings to the Overridden Security Policy Settings and I made sure that the State dropdown is Disabled. I applied the policy. The staging is set for 7 days though, so I do not know if these changes just now will go into effect immediately or after the staging period.

 

 

Anyway, I will give it another try. Maybe the timing was off when an employee told me that the other employee jroot@morrison.com still could not login after I had done what you suggested.

 

 

Just now I decided though to change the Parameter Level of the username parameter from Global to Object as suggested just to see if this helps. I used HTTPS for the Object Path since this is what is in the URL in the Browser. When I read here the mention of Object versus Global, I thought that Object might be better for this parameter that is for textbox on the web page.

 

 

Thanks again VERY much for your replies!