THE_BLUE
Feb 13, 2021 Cirrostratus
unblock illegal parameters
What is the best practice for ASM policy?
If I have unchecked "illegal parameter" in the policy, is this risky? Or can we mitigate this by doing something?
It depends on what you are trying to achieve... Could you provide a little bit more information about what issue you are trying to solve by disabling this violation?
I have dynamic parameters, so each time ASM blocks the parameter. That's why I'm asking: if I have unchecked this violation, is it risky?
Note that all parameter values with meta characters will be blocked.
So how do illegal parameters affect website security?
There is no 100% correct answer as to whether it is risky or not - it depends on the application.
If you know all the parameters that are allowed in your app, then defining such a list and forbidding all other parameters will be good protection.
The stricter the configuration you define, the better protection you will get.
As I see it, there are several ways you can avoid being blocked by the "Illegal parameter" violation without disabling it:
Thanks, Ivan
If I have these parameters:
and so on,
I have created one parameter, Terms[*].Groups, but a new parameter, e.g. Terms[4].Groups, doesn't match the wildcard. Why?
Hello,
This happens because you have special characters in the name of the wildcard parameter.
To make it work like a special character, you need to create a wildcard parameter with the name Terms\[*\].Groups
Thanks, Ivan
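The matching behaviour described in the answer above, as an added example that is not part of the original thread and is not F5 code. It assumes wildcard parameter names follow standard glob rules (`*`, `?`, `[set]`, `[!set]`, backslash escaping); the function names and sample names are constructed for illustration.

```python
import re

def wildcard_to_regex(pattern: str) -> str:
    """Translate a glob-style wildcard name into a regex (assumed semantics:
    * = any run, ? = one char, [set] / [!set] = one char, \\x = literal x)."""
    out, i, n = [], 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\" and i + 1 < n:           # escaped character is a literal
            out.append(re.escape(pattern[i + 1]))
            i += 2
        elif c == "*":
            out.append(".*")
            i += 1
        elif c == "?":
            out.append(".")
            i += 1
        elif c == "[":
            end = pattern.find("]", i + 2)    # a set holds at least one char
            body = pattern[i + 1:end] if end != -1 else ""
            negate = body.startswith("!")
            chars = body[1:] if negate else body
            if not chars:                     # unterminated or empty set
                out.append(re.escape(c))      # treat "[" as a literal
                i += 1
                continue
            chars = re.sub(r"([\\\[\]^])", r"\\\1", chars)
            out.append("[" + ("^" if negate else "") + chars + "]")
            i = end + 1
        else:
            out.append(re.escape(c))
            i += 1
    return "".join(out)

def name_matches(pattern: str, name: str) -> bool:
    return re.fullmatch(wildcard_to_regex(pattern), name, re.DOTALL) is not None

# Constructed parameter names, modelled on the thread's Terms[4].Groups.
NAMES = ["Terms[0].Groups", "Terms[4].Groups", "Terms[12].Groups",
         "Terms*.Groups", "Terms[x].Groups", "Terms[4].Owner"]

def report(pattern: str) -> list:
    """Return the sample names the wildcard would accept."""
    return [name for name in NAMES if name_matches(pattern, name)]

if __name__ == "__main__":
    for p in (r"Terms[*].Groups", r"Terms\[*\].Groups"):
        print(f"{p:22} regex={wildcard_to_regex(p):24} matches={report(p)}")
```

Unescaped, `[*]` is a one-character set containing only `*`, so only the literal name `Terms*.Groups` matches. The escaped form accepts any text between the brackets, not just numeric indexes, so the values of those parameters still need their own checks.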
Thank you, I will try that.