Forum Discussion

abdul_gafoor_31's avatar
abdul_gafoor_31
Icon for Nimbostratus rankNimbostratus
Feb 20, 2019
Solved

How to manage command execution violations on Parameters where free text is allowed.

I would like to know the best practice to deal with ‘command execution’ violations on Parameters where free text is allowed. I understand we can disable those attack signature on specific parameters....
ASM Advanced WAF
security
  • Dave_McCauley_3's avatar
    Dave_McCauley_3
    Feb 20, 2019

    Hi Abdul,

     

    There isn't much you can do. I've seen it a lot exactly as you're describing, and the best you can do is disable signatures for those parameters. If you know the systems involved, and for example its windows, you could disable a lot of the UNIX ones such as cat, etc. but it's not a great solution and would be pretty tedious. You end up adding that parameter and then disabling attack signatures since it will get hit pretty often. If you're in blocking, you could put the parameter in staging so at least you won't get a ton of blocks while you clean it up.

     

Dave_McCauley_3's avatar
Dave_McCauley_3
Icon for Cirrostratus rankCirrostratus
Feb 20, 2019

Hi Abdul,

 

There isn't much you can do. I've seen it a lot exactly as you're describing, and the best you can do is disable signatures for those parameters. If you know the systems involved, and for example its windows, you could disable a lot of the UNIX ones such as cat, etc. but it's not a great solution and would be pretty tedious. You end up adding that parameter and then disabling attack signatures since it will get hit pretty often. If you're in blocking, you could put the parameter in staging so at least you won't get a ton of blocks while you clean it up.