Forum Discussion

OM's avatar
OM
Icon for Nimbostratus rankNimbostratus
Apr 26, 2024

Open Redirection Mitigation

hello, ASM has a feature to mitigate the open redirection attacks when the redirect happens at the header level (i.e: with Location in response). When the redirection is within the payload response...
ASM WAF
open redirect
payload
response
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    May 03, 2024

    Hi OM

     

    if this it the request: "https://website.com/redirect.jsp?url=https://google.com"
    Then url is a parameter and https://google.com is a parameter value. In ASM you can control which parameter values are allowed. Issue solved.

    Sample config:

    And the result:

     

    KR
    Daniel

     

zamroni777's avatar
zamroni777
Icon for Nacreous rankNacreous
Apr 30, 2024

you can create rules to block "window.open(....)" in http response.

make sure it is not intended functionality created by the developer.