Forum Discussion

MSZ_221163
Nov 24, 2015

Illegal Meta Character in Value

If we want to allow some meta characters in a value, then we must unblock "Illegal meta character in value" under Blocking --> Setting --> Input violation.

Or it will work by selecting "Allow" from the character set value.


  • MSZ
    ++ ASM Policy is in Blocking Mode +++ Blocking -- Setting -- Input Violation -- Illegal meta character in value -- [Enable the Block check] ++++ Only Select Allow from the Meta Character Value --- Application --- Parameter -- Character Set -- Parameter Value
  • nathe

    MSZ

    You can do both, as both achieve the same goal. However, I wouldn't recommend turning off the illegal meta character violation, as that way all meta characters will be allowed and you're losing some of the inherent and configurable security that way.

    Your second option disables the particular value for ALL parameters. Again, this will work, but my preference would be (if you can) to manually add the parameter that is seeing the violation (false positive, I assume) and allow the meta character on this parameter alone. This means you've loosened the security policy as little as possible to mitigate a false positive.

    Hope this helps,

    N
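
A simplified model of the three options compared in the reply above, as an added example that is not part of the original thread and is not F5's implementation. The `Policy` class, the `META` character sample and the request data are all constructed for illustration; "alarm" here means the request is logged and still forwarded.

```python
from dataclasses import dataclass, field

# Constructed sample of characters this toy policy treats as meta characters.
META = set("<>'\";|&()")

@dataclass
class Policy:
    block_violation: bool = True                            # block flag for the violation
    global_allowed: set = field(default_factory=set)        # allowed for ALL parameter values
    per_param_allowed: dict = field(default_factory=dict)   # explicit parameter -> allowed chars

    def evaluate(self, params):
        """Return (action, findings) for the parameters of one request."""
        findings = []
        for name, value in params.items():
            allowed = self.global_allowed | self.per_param_allowed.get(name, set())
            bad = sorted({c for c in value if c in META and c not in allowed})
            if bad:
                findings.append((name, "".join(bad)))
        if not findings:
            return "pass", findings
        return ("block" if self.block_violation else "alarm"), findings

# Constructed requests: the false positive, the same character in another
# parameter, and a different meta character in the parameter being tuned.
SAMPLE_REQUESTS = [
    {"comment": "stock < 10"},
    {"name": "x<y"},
    {"comment": "a; b"},
]

def compare(requests):
    """Show what each way of loosening the policy lets through."""
    options = {
        "violation unblocked": Policy(block_violation=False),
        "global allow <": Policy(global_allowed={"<"}),
        "per-parameter allow <": Policy(per_param_allowed={"comment": {"<"}}),
    }
    return {label: [p.evaluate(r)[0] for r in requests] for label, p in options.items()}

if __name__ == "__main__":
    for label, actions in compare(SAMPLE_REQUESTS).items():
        print(f"{label:24} {actions}")
```

Only the per-parameter option clears the false positive while still blocking the same character in other parameters and other meta characters in the tuned parameter.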

     

  • MSZ

    In Input Violation: Block check is enabled for "Illegal meta character in value". But in Character set --> Parameter value I chose some set as Allow.

    ASM will not block the allowed parameter value even if we mark it enabled in Blocking Setting.

     

  • MSZ

    It means that the rest will be blocked as Blocking is enabled in Input Violation.

     

  • MSZ

    Thanks a lot.

     

    If the ASM policy is in Blocking Mode, and we have explicitly defined the allowed HTTP response codes in the advanced setting.

    Illegal HTTP status in response - violation is in unblock setting.

    Then the response codes which are not present in the allowed list will be blocked, or give an alarm and reach the application.

     

    Please suggest.

     

  • MSZ

    The user request will be fulfilled or it will get the error of 406 code.

     

  • MSZ

    Thanks for the response.

    What about the illegal [xxxxxx] length? If the ASM policy is in blocking mode and the violation is set to unblock.

    Suppose allowed length=100 and detected length=150. In this case an alarm will be generated and the user's request will be fulfilled with 150 length, or it will not be fulfilled due to allowed length=100.