OM
Apr 26, 2024 Nimbostratus
Open Redirection Mitigation
Hello,
ASM has a feature to mitigate open redirection attacks when the redirect happens at the header level (i.e., with Location in the response).
When the redirection is within the payload response, the ASM does not block it.
Do you guys know about any ASM configuration that may address this issue and mitigate this kind of attack?
Thanks.
o.
Hi OM,
If this is the request: "https://website.com/redirect.jsp?url=https://google.com"
Then url is a parameter and https://google.com is a parameter value. In ASM you can control which parameter values are allowed. Issue solved.
Sample config:
And the result:
KR
Daniel
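An added example, not part of the original thread and not an ASM configuration: the allowlist idea described above for the `url` parameter, written as an application-side check in Python. The allowed hosts and the function names are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts the application may redirect to (constructed for this example).
ALLOWED_HOSTS = {"website.com", "www.website.com"}
ALLOWED_SCHEMES = {"https"}


def is_allowed_redirect_value(value: str) -> bool:
    """True only for a same-site path or an absolute URL to an allowed host."""
    # Reject empty values, surrounding whitespace, control characters and
    # backslashes (browsers may treat "\" as "/" when resolving the target).
    if not value or value != value.strip():
        return False
    if any(ord(c) < 0x20 or c == "\\" for c in value):
        return False
    # A local path is accepted, but "//host" is scheme-relative and leaves the site.
    if value.startswith("/"):
        return not value.startswith("//")
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # "https://website.com@other.example/" puts the trusted name in userinfo only.
    if parts.username is not None or parts.password is not None:
        return False
    # Exact host match, so "website.com.other.example" does not pass.
    return (parts.hostname or "").lower() in ALLOWED_HOSTS


def check_request(request_url: str, param: str = "url") -> bool:
    """Validate every occurrence of the redirect parameter in a request URL."""
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    return all(is_allowed_redirect_value(v) for v in query.get(param, []))


if __name__ == "__main__":
    # Constructed sample requests; the first is the one quoted in the thread.
    for req in (
        "https://website.com/redirect.jsp?url=https://google.com",
        "https://website.com/redirect.jsp?url=https://website.com/home",
        "https://website.com/redirect.jsp?url=//google.com",
    ):
        print("allow" if check_request(req) else "block", req)
```

A request-side allowlist like this covers the parameter value regardless of whether the application later emits the target in a `Location` header or inside the response body.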