Forum Discussion
URL parameter not working (ASM)
Hi all,
I'm new to the ASM and currently trying to protect an application that uses URL parameters in some requests.
I want the ASM to allow only named parameter values and configured them at
Security --> Application Security --> Allowed URL --> URL parameters
as static values. Everything up to allowed URL is working as expected unless the parameters are not restricted to the values I defined. I can still enter any value I like and it's gonna be interpreted by the application.
What I'm missing in my rule?
Thanks
René
Check your policy blocking settings. As I always tell my students there are three things required for ASM to block.
- The policy must be in blocking mode.
- The entity must not be in staging.
- The blocking settings (learn, alarm and block) must have block ticked for that violation.
There is a specific violation related to static parameter settings, it is easily missed.
- Kevin_Davies_40Nacreous
Check your policy blocking settings. As I always tell my students there are three things required for ASM to block.
- The policy must be in blocking mode.
- The entity must not be in staging.
- The blocking settings (learn, alarm and block) must have block ticked for that violation.
There is a specific violation related to static parameter settings, it is easily missed.
- natheCirrocumulusKevin - good clear advice on this one. try to follow these rules myself. Interesting "Illegal static parameter value" doesn't seem to be enabled for learn,alarm or block by default. At least not for my quick test on v11.4.1.
- Rene_Bader_1308Altostratus
All,
- natheCirrocumulusGreat news.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com