Forum Discussion
Lyonsy_271608
Altocumulus
AltocumulusWAF Blocking templates on upload
Hi Guys
Have an issue with templates (html and css) being uploaded to a certain url detects them and blocks as Cross Site Scripting (XSS), Detection Evasion, Other Application Attacks, SQL-Injection
is there anyway to allow them through to the specific area they will only ever come via 1 url
thanks in anvance
when HTTP_CLASS_SELECTED { ASM::enable if { [HTTP::uri] starts_with "/*****" } { ASM::disable } }
ErkkiS_295148Cirrus
If this comes from a trusted developer IP the easiest way would probably be whitelisting him: Security ›› Application Security : IP Addresses : IP Address Exceptions ›› New IP Address Exception...
IP Address Exception Properties IP Addressdeveloper_source_ip Netmask255.255.255.255 Policy Builder trusted IP Disabled Ignore in Anomaly Detection Enabled Ignore in Learning Suggestions Enabled Never block this IP Address Enabled Never log traffic from this IP Address Enabled
Lyonsy_271608it comes from a specific URL to upload the template so guessing i give it the static ip of that url it should work?
thanks
- Lyonsy_271608
didnt work via the ip
boneyardMVP
depending on the attack signature type you might be able to disable it on a parameter.
if you can't you need to do something with different ASM policies. you can't disable based on URI for attack signatures easily shamefully.
- Lyonsy_271608
managed to do this via an irule
when HTTP_CLASS_SELECTED { ASM::enable if { [HTTP::uri] starts_with "/*****" } { ASM::disable } }
- Lyonsy_271608
when HTTP_CLASS_SELECTED { ASM::enable if { [HTTP::uri] starts_with "/*****" } { ASM::disable } }
- boneyard
ah still version 10? or older version 11? have a look at upgrading.
do understand this disables all ASM protection, so not just a few signatures disabled but everything.
it might be better to change ASM policy based on URI, that way you keep some protection at least.