Forum Discussion

Jonathan_c's avatar
Jonathan_c
Icon for Cirrus rankCirrus
Feb 19, 2023

WAF Attack Signature Level

Hi, I have a specific URL defined in the ASM Allowed URLs ("/path01/page.aspx" for our example), which has "Check attack signatures" checked. In the Parameters we have only Wildcard with Ignore Val...
asm
attack signatures
parameters
security
waf
xss
Jonathan_c's avatar
Jonathan_c
Icon for Cirrus rankCirrus

Hi Sebastiansierra,

I've double checked and we don't have any attack signature in staging.

The issue is that I don't understand the order, or precedence, of things - 

Wildcard parameter setting is set to Ignore Value, but the settings of the specific URL are set to Check Attack Signatures, and there are many attack signatures which relates to the parameters section of the URL (example in screenshot).

So, is it supposed to be checked or not?

Sebastiansierra's avatar
Sebastiansierra
Icon for MVP rankMVP
Feb 23, 2023

Hi Jonathan_c ,

Do you have the violation enabled in the blocking panel for this specific protection at URL Level? if the configuration is not the problem I recommend you open a support ticket, it could be a specific bug in your version.

The configuration you have is correct, in ASM and all modules more specific is equal to first processing, wildcard will never be processed if a parameter, URL, File Type, Header, Cookie, etc is first than this,

Hope it´s work.