Forum Discussion
MSZ_221163
Nimbostratus
Oct 17, 2017Apache Webserver
Hi If my application is not using Apache webserver then is there any need to include the signatures related to the Apache Server?
Let say my app is working on some webserver other than the Apache and I included the signatures named "OTHER WEBSERVER". Is it ok?
1 Reply
- Jad_Tabbara__J1
Cirrostratus
MSZ,
When building the ASM policy with Attack Signature protection, it is better to determine the following information about the application you intend to protect.
- OS
- Web Server
- Languages, Frameworks & Application
- DB Servers
After determining theses information, from the "Attack Signature" screen select the corresponding ones. For example:
- OS: Windows
- Web Server: IIS
- Languages, Frameworks & Application: ASP.NET
- DB Servers: MySQL
In this way you will select only Attack Signatures that applies to your application. Doing so will limit the false positive.
Hope it helps
Regards