Forum Discussion

Rene_Bader_1308's avatar
Rene_Bader_1308
Icon for Altostratus rankAltostratus
Aug 05, 2014

URL parameter not working (ASM)

Hi all,

 

I'm new to the ASM and currently trying to protect an application that uses URL parameters in some requests.

 

I want the ASM to allow only named parameter values and configured them at

 

Security --> Application Security --> Allowed URL --> URL parameters

 

as static values. Everything up to allowed URL is working as expected unless the parameters are not restricted to the values I defined. I can still enter any value I like and it's gonna be interpreted by the application.

 

What I'm missing in my rule?

 

Thanks

 

René

 

  • Check your policy blocking settings. As I always tell my students there are three things required for ASM to block.

     

    1. The policy must be in blocking mode.
    2. The entity must not be in staging.
    3. The blocking settings (learn, alarm and block) must have block ticked for that violation.

    There is a specific violation related to static parameter settings, it is easily missed.

     

  • Check your policy blocking settings. As I always tell my students there are three things required for ASM to block.

     

    1. The policy must be in blocking mode.
    2. The entity must not be in staging.
    3. The blocking settings (learn, alarm and block) must have block ticked for that violation.

    There is a specific violation related to static parameter settings, it is easily missed.

     

    • nathe's avatar
      nathe
      Icon for Cirrocumulus rankCirrocumulus
      Kevin - good clear advice on this one. try to follow these rules myself. Interesting "Illegal static parameter value" doesn't seem to be enabled for learn,alarm or block by default. At least not for my quick test on v11.4.1.
  • All,

     

    thanks for your quick response.

     

    Thanks to Nathan I found the missing link.

     

    I set the "Illegal parameter" to block and did not get that there is a setting for "Illegal static parameter value".

     

    Now it's working. :)