Forum Discussion
Open Redirection Mitigation
- May 03, 2024
Hi OM,
If this is the request: "https://website.com/redirect.jsp?url=https://google.com"
then url is a parameter and https://google.com is a parameter value. In ASM you can control which parameter values are allowed. Issue solved. Sample config:
And the result:
KR
Daniel
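The same allow-list idea for the `url` parameter value, written as an application-side check; this is an added example, not part of the original post and not an ASM configuration. The host list, function names and sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts this site may redirect to (constructed for the example).
ALLOWED_HOSTS = {"website.com", "www.website.com"}


def is_allowed_redirect(value: str) -> bool:
    """Return True only if one `url` parameter value is a safe redirect target."""
    # Browsers treat "\" like "/" and drop whitespace/control characters,
    # so a value containing any of them is rejected before parsing.
    if not value or any(c <= " " or c == "\\" or c == "\x7f" for c in value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed bracketed host
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash path on this site.
        return value.startswith("/") and not value.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo and port, so "website.com@other.example"
    # is compared as "other.example", the host a browser would contact.
    return (parts.hostname or "").lower() in ALLOWED_HOSTS


def check_request(request_url: str) -> bool:
    """Check every `url` parameter in a request; a repeated parameter must pass too."""
    query = urlsplit(request_url).query
    values = parse_qs(query, keep_blank_values=True).get("url", [])
    return bool(values) and all(is_allowed_redirect(v) for v in values)


if __name__ == "__main__":
    # Constructed sample requests against the redirect.jsp endpoint from the post.
    base = "https://website.com/redirect.jsp?url="
    for target in ("https://google.com", "/account/home",
                   "https://www.website.com/a", "%2F%2Fother.example",
                   "https://website.com@other.example/"):
        print(target, "->", "allow" if check_request(base + target) else "block")
```

Exact host matching is deliberate: a suffix or substring comparison would also accept hosts such as `website.com.other.example`.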
There are so many ways to do this, I'm not sure it's feasible but you could try. This is a good question for an LLM; it came up with this simple stuff about "non-header" ways a web developer might get a browser to "go somewhere else", which is sorta like a redirect.
JS redirection:
- window.location.href: This method sets the URL of the current page. When you use this method, the browser will load the new page immediately.
- window.location.assign(): This method is similar to window.location.href, but it does not load the new page immediately. Instead, it adds the new page to the browser's history.
- window.location.replace(): This method replaces the current page with the new page. This means that the user will not be able to go back to the previous page.
Form action:
- To use the form action method, you need to set the action attribute of the form to the URL of the new page. When the form is submitted, the browser will be redirected to the new page.
Anchor tag:
- To use the anchor tag method, you need to set the href attribute of the anchor tag to the URL of the new page. When the anchor tag is clicked, the browser will be redirected to the new page.
Meta tags:
- HTML meta refresh: To use the HTML meta refresh method, you need to add a meta tag to the head section of your HTML document. The meta tag should have the following attributes:
  - name: refresh
  - content: "seconds;url=new_page_url"